d0fb6a2d9451e072bb9191c5447d3e93d0d444d61f8564cedab301fcebef7fcb

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 17:14

Target

d0fb6a2d9451e072bb9191c5447d3e93d0d444d61f8564cedab301fcebef7fcb.dll
Size

143KB
MD5

45fbd38fec33e6fad1943a3ea13a28c6
SHA1

01a7c92d3700487d92c4399ef43e8c1748b517bb
SHA256

d0fb6a2d9451e072bb9191c5447d3e93d0d444d61f8564cedab301fcebef7fcb
SHA512

fe6e4d05cc26dc240e31e11eacd904d8e454d8989aa18a14975bf4d13dad4fd16261feb6e84b2e46351306d28060539a97a0b3c14d14f656407421e918b4a62d
SSDEEP

1536:D3IMAIVIJkuvfZ/Auw+oqmqKlBfI2BTCsCkul+NrKgNk6xWpz28c2n:D3aiyxvfGHfIQuiddci92

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4024 wrote to memory of 1268	4024	rundll32.exe	79
PID 4024 wrote to memory of 1268	4024	rundll32.exe	79
PID 4024 wrote to memory of 1268	4024	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0fb6a2d9451e072bb9191c5447d3e93d0d444d61f8564cedab301fcebef7fcb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4024
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0fb6a2d9451e072bb9191c5447d3e93d0d444d61f8564cedab301fcebef7fcb.dll,#1
  2⤵
  PID:1268

memory/1268-133-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download