d81d669c97f4c5680dd93feaa58e0f459aaf49483d31ec2fec583425507cfbb8

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:58

Target

d81d669c97f4c5680dd93feaa58e0f459aaf49483d31ec2fec583425507cfbb8.dll
Size

149KB
MD5

b6b9d51803858337ae7809695ed3b6ad
SHA1

97fe8b016e18c0c408723238ae035679bfeb186f
SHA256

d81d669c97f4c5680dd93feaa58e0f459aaf49483d31ec2fec583425507cfbb8
SHA512

d8c9539fa95aaa93a17bc24ed8e67a2cbbc65ad54a02d2886a398bb70b936d48762dc9bacfa5a7c58c2b78e7850b337020584a4f5bf4f8ef581a2a5805f9fb2a
SSDEEP

1536:oFhcI9IJkuvfZ/AuwQDEDZMJ3uxJtcw7eHWUFcYfTrW4rZq1SI6npoAXy/RQ8FW2:h6yxvfGQDo2pGe/lfWomh63f8L

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5016 wrote to memory of 5084	5016	rundll32.exe	82
PID 5016 wrote to memory of 5084	5016	rundll32.exe	82
PID 5016 wrote to memory of 5084	5016	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d81d669c97f4c5680dd93feaa58e0f459aaf49483d31ec2fec583425507cfbb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d81d669c97f4c5680dd93feaa58e0f459aaf49483d31ec2fec583425507cfbb8.dll,#1
  2⤵
  PID:5084

memory/5084-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download