f7af195b4a3b031b80afec71eef4bbdd89d85ff94b30c42eecb0eef953c0a930

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 05:39

Target

f7af195b4a3b031b80afec71eef4bbdd89d85ff94b30c42eecb0eef953c0a930.dll
Size

132KB
MD5

ad120b19aa5805b07a635661218ad303
SHA1

81d80591b3ddfc2f0a3804f6fe42ecd31d8c9aac
SHA256

f7af195b4a3b031b80afec71eef4bbdd89d85ff94b30c42eecb0eef953c0a930
SHA512

8ed14c829993ffcd652dee709e67eebd5b3a5ca98fb93221b6b994eb17daefb7ecf6e54d04dc39b51921a1b6971adec3f94a9ad0f0a4aad557da5a32daad633b
SSDEEP

3072:s+bXk/mO37vr+maHmCHv020AQZALiwnC6EQYOe1:tDO3ubyAQZAmwny

Score

1^/10

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1664	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3820 wrote to memory of 1664	3820	rundll32.exe	80
PID 3820 wrote to memory of 1664	3820	rundll32.exe	80
PID 3820 wrote to memory of 1664	3820	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7af195b4a3b031b80afec71eef4bbdd89d85ff94b30c42eecb0eef953c0a930.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3820
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f7af195b4a3b031b80afec71eef4bbdd89d85ff94b30c42eecb0eef953c0a930.dll,#1
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:1664

memory/1664-133-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download
memory/1664-134-0x0000000010000000-0x000000001003B000-memory.dmp

Filesize
236KB

Download