59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb

Analysis

max time kernel
145s
max time network
169s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 04:54

Target

59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll
Size

59KB
MD5

6c207a1948a35a343f5a2720557359a0
SHA1

866d56abd9007645c8e912d62780544c017b1a35
SHA256

59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb
SHA512

d62c85e72993c48dfbf7995945299859181633e2a8c3aba6bfd4fa9ce5487489bc0cb5137b1c8cc2898ad0c37a8e99c993da7e89b074f4599b846cad8ef52d22
SSDEEP

1536:BfQAl+7ovO8h7exQuhcIdadtpV5MgLkcB5:dQAl+p8h9uSXDg8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4360 wrote to memory of 4624	4360	rundll32.exe	77
PID 4360 wrote to memory of 4624	4360	rundll32.exe	77
PID 4360 wrote to memory of 4624	4360	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4360
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59a001a4b053dce211c5b4064f2b3c2baa709845ec4d1f3517021b90d8f120cb.dll,#1
  2⤵
  PID:4624

memory/4624-133-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download