afa4447be77f9cbd7ce7eedba000f1d183abe99d10ff2dc1f5afb3cc8d137bf7

Analysis

max time kernel
148s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 06:20

Target

afa4447be77f9cbd7ce7eedba000f1d183abe99d10ff2dc1f5afb3cc8d137bf7.dll
Size

93KB
MD5

f9fa19695ef423d15c7a7c84197719ce
SHA1

0575b8c42bcaea88f74b56f2cbb3e88e326769c5
SHA256

afa4447be77f9cbd7ce7eedba000f1d183abe99d10ff2dc1f5afb3cc8d137bf7
SHA512

808ff7207cedf9390db1936809cc35a14b605e9e2fe155e3b407627ffc930b348432edb6968b5292551bbcfde503b740f5a72d4b98d08f9818e7fd1e5da2b6bc
SSDEEP

1536:RrK8ksBAclf9o+7UZm5jCPmnfBvJh8KuKiBixUEEylME4eLcK1Uz/ni9:RrksBtlf1SSfNz5HiAEylMAYK1UG9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3208 wrote to memory of 4616	3208	rundll32.exe	80
PID 3208 wrote to memory of 4616	3208	rundll32.exe	80
PID 3208 wrote to memory of 4616	3208	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afa4447be77f9cbd7ce7eedba000f1d183abe99d10ff2dc1f5afb3cc8d137bf7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3208
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afa4447be77f9cbd7ce7eedba000f1d183abe99d10ff2dc1f5afb3cc8d137bf7.dll,#1
  2⤵
  PID:4616

memory/4616-133-0x0000000000AE0000-0x0000000000AEF000-memory.dmp

Filesize
60KB

Download
memory/4616-134-0x0000000000AF0000-0x0000000000AFF000-memory.dmp

Filesize
60KB

Download