f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 18:50

Target

f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll
Size

312KB
MD5

266710952349ee4feed65e58c7bb0ec0
SHA1

edc028b3087dd7a4362334fc6d52e35622bdcf56
SHA256

f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617
SHA512

73bc238d467732129f4e00281bda6e0e4b47a7a9974642ba65384f14b6d4e76967b4720ed52b0738018678f56e38c66c488cdecb94704920fcc0d1b7ebcacb89
SSDEEP

6144:7sQl8r0FiGAn4yZ6XtrOt5Jxfw2dHLUIpDCzi5ijH:BW6pufwI9CmwjH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4656 wrote to memory of 4860	4656	rundll32.exe	rundll32.exe
PID 4656 wrote to memory of 4860	4656	rundll32.exe	rundll32.exe
PID 4656 wrote to memory of 4860	4656	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4656

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f96ae678eb2eb51baac15d005fc2b0714533d49043f510a7286b73a6256fc617.dll,#1
2⤵
PID:4860

memory/4860-132-0x0000000000000000-mapping.dmp

Download
memory/4860-133-0x0000000010000000-0x000000001004E000-memory.dmp

Filesize
312KB

Download