fc558dbfb81c001ac39647eb4866a2d7bdb8b27264e5e50cad7d4f50f9260a02

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:08

Target

fc558dbfb81c001ac39647eb4866a2d7bdb8b27264e5e50cad7d4f50f9260a02.dll
Size

1.2MB
MD5

31724b62d110c86155d5e040d78ed5f0
SHA1

9d60af639de221107339394f8d064b6cb815deda
SHA256

fc558dbfb81c001ac39647eb4866a2d7bdb8b27264e5e50cad7d4f50f9260a02
SHA512

489125b4789fc6f1e80aa0fab8b59fd82d6ede6d25064740f150aa2ae6e0f5050515a8909fa769793cf3f9a88c936bff20939f56ef0af7bee7bbc70fb1e48573
SSDEEP

24576:+6Do3Fm5BmmQoEog+AjOFO98yvDpqmltTgbdIDn:9ccfrzgdL98yvxTDn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2172	4904	rundll32.exe	82
PID 4904 wrote to memory of 2172	4904	rundll32.exe	82
PID 4904 wrote to memory of 2172	4904	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc558dbfb81c001ac39647eb4866a2d7bdb8b27264e5e50cad7d4f50f9260a02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fc558dbfb81c001ac39647eb4866a2d7bdb8b27264e5e50cad7d4f50f9260a02.dll,#1
  2⤵
  PID:2172

memory/2172-133-0x0000000075530000-0x0000000075669000-memory.dmp

Filesize
1.2MB

Download