fa4f15617e82a02118ef09091c5ab22c0a3585899b7f2892d6c7e3e402dbc1eb

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 10:54

Target

fa4f15617e82a02118ef09091c5ab22c0a3585899b7f2892d6c7e3e402dbc1eb.dll
Size

57KB
MD5

a4065be86ea3df90fadd02d1666c7d99
SHA1

ab44920ddeb27951d363cc329b37d3f886fabb32
SHA256

fa4f15617e82a02118ef09091c5ab22c0a3585899b7f2892d6c7e3e402dbc1eb
SHA512

465a9459a62c5e551be8bc0453896dfec99a7fb7416825a9af928739387db2d2b32ae22876e0f8d794138464c1422d82228762ad5cdedb2cafbc5196f0ae1996
SSDEEP

1536:N4Dnw1PqUN+84O+JSJYvi3TB1dRxW2mNVUOuRbqruZh2E1k:NywZpASy29RxW2ANuRGqHk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 2708	5068	rundll32.exe	81
PID 5068 wrote to memory of 2708	5068	rundll32.exe	81
PID 5068 wrote to memory of 2708	5068	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4f15617e82a02118ef09091c5ab22c0a3585899b7f2892d6c7e3e402dbc1eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa4f15617e82a02118ef09091c5ab22c0a3585899b7f2892d6c7e3e402dbc1eb.dll,#1
  2⤵
  PID:2708

memory/2708-133-0x0000000010000000-0x000000001002B000-memory.dmp

Filesize
172KB

Download