44ae2e028a75a5474d682478e92ee3d0dc90ee7476885ee74b477c6f7b9e2a05

Analysis

max time kernel
93s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:57

Target

44ae2e028a75a5474d682478e92ee3d0dc90ee7476885ee74b477c6f7b9e2a05.dll
Size

66KB
MD5

f861cf5404d0a3abbb4349e757cf2bd0
SHA1

2d2713b0010cb21fc9c71995f728978c69af74a0
SHA256

44ae2e028a75a5474d682478e92ee3d0dc90ee7476885ee74b477c6f7b9e2a05
SHA512

dce2564bf6fdc231beef1cad9f5bc859aef02d52d1a2328bf6a392ae2f666fcbc0eb21f40a20f6d69d3b2acf1477ba2581c5c71ee493b45fd8cf293615d72d2a
SSDEEP

1536:evW4Y4JJeDPt6kx+qNiBD2qMEradUin6eWC1cDQo:H4Y8Jns1MBKqHradBAX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 5056	4264	rundll32.exe	81
PID 4264 wrote to memory of 5056	4264	rundll32.exe	81
PID 4264 wrote to memory of 5056	4264	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ae2e028a75a5474d682478e92ee3d0dc90ee7476885ee74b477c6f7b9e2a05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44ae2e028a75a5474d682478e92ee3d0dc90ee7476885ee74b477c6f7b9e2a05.dll,#1
  2⤵
  PID:5056

memory/5056-133-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download