faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530

Analysis

max time kernel
219s
max time network
279s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 15:54

Target

faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530.dll
Size

121KB
MD5

33508d9ebc8cf3c04dc2b310027f28a5
SHA1

6416dfb7bdf8588b2f3b1c58be098b345cc7a048
SHA256

faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530
SHA512

f403a86f3b50fc2b127ed2bd5cee9bcc19334072907b96aeb382d3dc51bba980cba66d9e35cb339d95a9b332da3942bc7f97c883f1b929c00d4f95dc30e3ae0d
SSDEEP

1536:wIq+E53FXSNRPV+w8hcqLNhrgIvNSFC/6MIvcg9BkQmwTvaDTfNWtHiG7E96RXUg:PaFCNRPV+wycOSFNmwTvaDUHFELS9xcC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4524	4992	rundll32.exe	81
PID 4992 wrote to memory of 4524	4992	rundll32.exe	81
PID 4992 wrote to memory of 4524	4992	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\faf58e0a62a38e9f2cd77811d9a5806fd2e69099f38bca8b6ff137c660144530.dll,#1
  2⤵
  PID:4524

memory/4524-133-0x00000000003B0000-0x00000000003D4000-memory.dmp

Filesize
144KB

Download