17fb5b16699063f5ffdfb51de0a8cce6883696cad284ce8a8177d9ff4b50ee58

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 14:50

Target

17fb5b16699063f5ffdfb51de0a8cce6883696cad284ce8a8177d9ff4b50ee58.dll
Size

244KB
MD5

44419b4dbd367d8cc558e0f40ecc873c
SHA1

6e6d11af130eae524236ad79fde77755be7ca06f
SHA256

17fb5b16699063f5ffdfb51de0a8cce6883696cad284ce8a8177d9ff4b50ee58
SHA512

7fe0d292ee66e6052d4578ef54ccb77cb110c1abb2ca5bb2fd7e48f565d793bc79024723d22d6089d7a124841ff7788f3c5de75ca67b99c9f35b7f9e3e9d1b62
SSDEEP

6144:/hxb9xGMFUMK4wBgFb1TLdVkX4CMU2mOMwVvddoM:5xBxGFMvwmb1TLnkrMUIMw3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 4100	4344	rundll32.exe	80
PID 4344 wrote to memory of 4100	4344	rundll32.exe	80
PID 4344 wrote to memory of 4100	4344	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17fb5b16699063f5ffdfb51de0a8cce6883696cad284ce8a8177d9ff4b50ee58.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17fb5b16699063f5ffdfb51de0a8cce6883696cad284ce8a8177d9ff4b50ee58.dll,#1
  2⤵
  PID:4100

memory/4100-133-0x0000000010000000-0x0000000010046000-memory.dmp

Filesize
280KB

Download
memory/4100-134-0x0000000000C70000-0x0000000000CBC000-memory.dmp

Filesize
304KB

Download