491c6e9f11f0f55794952e2615264497989f42c55e3e35d4a65557786e3ee8a8

Analysis

max time kernel
151s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 12:20

Target

491c6e9f11f0f55794952e2615264497989f42c55e3e35d4a65557786e3ee8a8.dll
Size

120KB
MD5

29e66a91ac120683cc16d45db95cad0e
SHA1

87baddc193a8e8e33c07ea64ab2b943dd34647dd
SHA256

491c6e9f11f0f55794952e2615264497989f42c55e3e35d4a65557786e3ee8a8
SHA512

bffda250903f18ac0d46f02b102ad979120d5687cb0b766328d8d8cbaf1658f62fbccb864d3cd47d584749fde57183761418e04a3fb04482d60905f9b3181088
SSDEEP

3072:skcNwyLv/ENXtvh96FfrHDUmZRlIYU+8qeu:skc28696VLgzQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 3236	3444	rundll32.exe	79
PID 3444 wrote to memory of 3236	3444	rundll32.exe	79
PID 3444 wrote to memory of 3236	3444	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\491c6e9f11f0f55794952e2615264497989f42c55e3e35d4a65557786e3ee8a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\491c6e9f11f0f55794952e2615264497989f42c55e3e35d4a65557786e3ee8a8.dll,#1
  2⤵
  PID:3236

memory/3236-133-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download