516a70f97cd217b38c4060cacd3df8880167912f94c0b71bb4c001b0c1028992

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
21/11/2022, 10:59

Target

516a70f97cd217b38c4060cacd3df8880167912f94c0b71bb4c001b0c1028992.dll
Size

392KB
MD5

113e162a98264a16d40062c11868e806
SHA1

5485cee803acb7192283ac7f5c0627d6d9e2d514
SHA256

516a70f97cd217b38c4060cacd3df8880167912f94c0b71bb4c001b0c1028992
SHA512

498326a1c514540b40f647e95480889a76ccc2368d51f0a4057593b0f50a148b7c677a02b0200bf2d9411dc51a8af0d794780810154675a21913b50b3d0c3ecb
SSDEEP

6144:sdoSityBcrECwzKPmMOSF1ck5z8894Xye/FjuSKJ2:0hOa7Cwve1c4ndedX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1540 wrote to memory of 4344	1540	rundll32.exe	83
PID 1540 wrote to memory of 4344	1540	rundll32.exe	83
PID 1540 wrote to memory of 4344	1540	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\516a70f97cd217b38c4060cacd3df8880167912f94c0b71bb4c001b0c1028992.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\516a70f97cd217b38c4060cacd3df8880167912f94c0b71bb4c001b0c1028992.dll,#1
  2⤵
  PID:4344

memory/4344-133-0x000000004A800000-0x000000004A862000-memory.dmp

Filesize
392KB

Download