bec109c287cdc780d9015bddd3d3d5308896f8b2c70ab072725608ad7abd9218

Analysis

max time kernel
151s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 06:03

Target

bec109c287cdc780d9015bddd3d3d5308896f8b2c70ab072725608ad7abd9218.dll
Size

137KB
MD5

a63105db9934438f0d06a5ecea761d10
SHA1

2fb8c8878e4ca901f56e217e1b639b410284486e
SHA256

bec109c287cdc780d9015bddd3d3d5308896f8b2c70ab072725608ad7abd9218
SHA512

d119461cf9cf4e32d661e1d4aee6c44b07cde6d6c3ff952090b15fa12e3de032178f75da352d452f7f95d179dae3768131fa837e058db660925a3fa34420c364
SSDEEP

3072:C8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXx20ILR:C8w6D4Kotup0LWI+fM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 4964	1900	rundll32.exe	80
PID 1900 wrote to memory of 4964	1900	rundll32.exe	80
PID 1900 wrote to memory of 4964	1900	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bec109c287cdc780d9015bddd3d3d5308896f8b2c70ab072725608ad7abd9218.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bec109c287cdc780d9015bddd3d3d5308896f8b2c70ab072725608ad7abd9218.dll,#1
  2⤵
  PID:4964

memory/4964-133-0x0000000000810000-0x000000000083B000-memory.dmp

Filesize
172KB

Download