06ba17c5606f40b260f0c0158fa78a52224b251727ee650ae2ea611d3206cf26

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:17

Target

f1aa3e3b09a8c84cbfaaaef076b3e19a79bb1a82ee5905a2358bc4d2167225de.dll
Size

505KB
MD5

1382e3d0199f8db6deb016a7d6e11684
SHA1

701e3acad5ca1151dda7d76893bcba5a3eedf016
SHA256

06ba17c5606f40b260f0c0158fa78a52224b251727ee650ae2ea611d3206cf26
SHA512

d727a5f49075c4f2f9f7e872ca9231e618cc5836eaf6493547e08413fbc53ca837ca3127a0932d7683425881df1a43553832f6477c3d3714a12701934c92ce91
SSDEEP

6144:RZn93qk+7206ViSn9hagxr1nIJ03ggHdhsdbRfeeOM:RBhqVi+saa6J+ggHbsdweOM

Score

8^/10

Blocklisted process makes network request 6 IoCs

Processes:

rundll32.exe

flow pid process

1 5096 rundll32.exe
17 5096 rundll32.exe
33 5096 rundll32.exe
46 5096 rundll32.exe
57 5096 rundll32.exe
62 5096 rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3780 wrote to memory of 5096	3780	rundll32.exe	rundll32.exe
PID 3780 wrote to memory of 5096	3780	rundll32.exe	rundll32.exe
PID 3780 wrote to memory of 5096	3780	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1aa3e3b09a8c84cbfaaaef076b3e19a79bb1a82ee5905a2358bc4d2167225de.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1aa3e3b09a8c84cbfaaaef076b3e19a79bb1a82ee5905a2358bc4d2167225de.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:5096

memory/5096-132-0x0000000000000000-mapping.dmp

Download
memory/5096-133-0x0000000001010000-0x0000000001017000-memory.dmp

Filesize
28KB

Download