984b5d3268b4db865e95bba648cc42c8c9f75431698fc15a00ecdd1e3144079a

Analysis

max time kernel
152s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/11/2022, 13:04

Target

984b5d3268b4db865e95bba648cc42c8c9f75431698fc15a00ecdd1e3144079a.dll
Size

10KB
MD5

07727191086a931d94e5ea45b7ac4c4f
SHA1

53146e2512b048436b7b35e02bde37e2a061729e
SHA256

984b5d3268b4db865e95bba648cc42c8c9f75431698fc15a00ecdd1e3144079a
SHA512

859b5396ea7c23f9003f292caaa05a6f99997aeb05b1b75950eabd33e18efe895bc87aa097c65af222196c7cede399a90d789b294d02b6c16caf86b4e6fa969b
SSDEEP

192:41mjfw8dHabRDEgzHyl0NSyFWakiP84dW3qWak8Q7dW3o92b:48jhdHad/z20IyFWakC84dWaWak8cdWj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5116 wrote to memory of 4076	5116	rundll32.exe	80
PID 5116 wrote to memory of 4076	5116	rundll32.exe	80
PID 5116 wrote to memory of 4076	5116	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\984b5d3268b4db865e95bba648cc42c8c9f75431698fc15a00ecdd1e3144079a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\984b5d3268b4db865e95bba648cc42c8c9f75431698fc15a00ecdd1e3144079a.dll,#1
  2⤵
  PID:4076

memory/4076-133-0x000000006DD21000-0x000000006DD23000-memory.dmp

Filesize
8KB

Download