aca53ee3d7d4e8ca0ba32c442e8c100a192ea710c22fea50c91011d1ef12e982

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 19:44

Target

aca53ee3d7d4e8ca0ba32c442e8c100a192ea710c22fea50c91011d1ef12e982.dll
Size

1.4MB
MD5

eed3b592013138f00cd0535988e5ba13
SHA1

88d31306584f2ba47a532c017c3626371c4f0444
SHA256

aca53ee3d7d4e8ca0ba32c442e8c100a192ea710c22fea50c91011d1ef12e982
SHA512

106a5264325948ec70b9dc68decb109a8d55e1f9f9b1d0bf8d8d5ded48816711bd9383ad99ea11bd096d03e8dedf4b75a6d01f4124d06b944e9061d9b3c38f69
SSDEEP

24576:w0Gks7sSCUVZ/Bge8ytD2w5TvPOjYEmpDzLb35roPmt6DhgSTtDS6ZS:wLtVTgEd7GgbloPm6t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aca53ee3d7d4e8ca0ba32c442e8c100a192ea710c22fea50c91011d1ef12e982.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aca53ee3d7d4e8ca0ba32c442e8c100a192ea710c22fea50c91011d1ef12e982.dll,#1
  2⤵
  PID:4540

memory/4540-136-0x0000000010000000-0x0000000010544000-memory.dmp

Filesize
5.3MB

Download