fed803f8b251262de1b7b02db3b501f48a400162c58f2329d17f14e700d26688

Analysis

max time kernel
136s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 10:42

Target

fed803f8b251262de1b7b02db3b501f48a400162c58f2329d17f14e700d26688.dll
Size

152KB
MD5

5c1750ef105085615bf62a3fc78607b3
SHA1

739c4b97cba98dfb1a2110cccdf31547b6b92c86
SHA256

fed803f8b251262de1b7b02db3b501f48a400162c58f2329d17f14e700d26688
SHA512

d93071d5c4a739ba90c1dcd0989658a6ee2ba180e92db6534c8642cfcff11c4eb40b9e08eac2748356681da0a1cdc05103730607a21e78cb08a4ff27a17d6144
SSDEEP

1536:TZIsIw/I2IuIJkuvfZ/Auw6qSDz6PWtKtPO2N1juz+xwHpRv6hDf:17JFNyxvfGTSn6O62O1vgv6hDf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 636 wrote to memory of 768	636	rundll32.exe	80
PID 636 wrote to memory of 768	636	rundll32.exe	80
PID 636 wrote to memory of 768	636	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fed803f8b251262de1b7b02db3b501f48a400162c58f2329d17f14e700d26688.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fed803f8b251262de1b7b02db3b501f48a400162c58f2329d17f14e700d26688.dll,#1
  2⤵
  PID:768

memory/768-132-0x0000000000000000-mapping.dmp

Download
memory/768-133-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download