5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59

Analysis

max time kernel
94s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 19:05

Target

5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll
Size

739KB
MD5

04eea8f6b9ce0dafc9479a1c2bcd34d6
SHA1

7cc143dda35c90ca401879a066e815b65a1592a0
SHA256

5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59
SHA512

ca6de25994b69faf101f5333fea1be46e3f17d3144f8357ffd1c493e85657d60b32281c155c65ca5624fe8b92e1fe985c1ccffe69fe3ff43c65bbbb368a2d34a
SSDEEP

12288:0jsUzfz0LLWlMUd4gqt+2hniu5vRnTCniBlYx84Qz+:pUrgLW6g4AS5vRnTCniBlYx84Qa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4284 wrote to memory of 2776	4284	rundll32.exe	rundll32.exe
PID 4284 wrote to memory of 2776	4284	rundll32.exe	rundll32.exe
PID 4284 wrote to memory of 2776	4284	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ab4e4b2274121a4fcca53cba561bc20be425e80e2aa1ed7490efa2cb94f4e59.dll,#1
2⤵
PID:2776

memory/2776-132-0x0000000000000000-mapping.dmp

Download
memory/2776-133-0x0000000010000000-0x00000000102AE000-memory.dmp

Filesize
2.7MB

Download