eafa04f888770226486034c3bfc5e0c95b91bed5567f047865117e6f3f46b79b

Analysis

max time kernel
112s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 16:24

Target

eafa04f888770226486034c3bfc5e0c95b91bed5567f047865117e6f3f46b79b.dll
Size

118KB
MD5

1d65d3486394e733aa607e81c0c7cb37
SHA1

863fee13acefaf638997db749a19fa0756066410
SHA256

eafa04f888770226486034c3bfc5e0c95b91bed5567f047865117e6f3f46b79b
SHA512

a8897a5cce205b958216bc87b0f7c782fb2d251139078ca9e757da932a61044a539858b1a1a6227dc2a2e5f2f651fb2074f3a74d13ecfed629ee64b5e425a265
SSDEEP

3072:t4JUnQP8jEruXZ7lSPgOYj2OCWkl9ZOjHD56:aWnQP8jEyjS5YIWWO0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 920 wrote to memory of 1992	920	rundll32.exe	16
PID 920 wrote to memory of 1992	920	rundll32.exe	16
PID 920 wrote to memory of 1992	920	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\eafa04f888770226486034c3bfc5e0c95b91bed5567f047865117e6f3f46b79b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:920
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\eafa04f888770226486034c3bfc5e0c95b91bed5567f047865117e6f3f46b79b.dll,#1
  2⤵
  PID:1992

memory/1992-133-0x0000000000810000-0x0000000000833000-memory.dmp

Filesize
140KB

Download