af1f43c1d7f420ce83fa08a41227a4680869fa1a9f86a0aba5b982f1e53bae55

Analysis

max time kernel
112s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 19:42

Target

af1f43c1d7f420ce83fa08a41227a4680869fa1a9f86a0aba5b982f1e53bae55.dll
Size

22KB
MD5

06f0a6c2d731b1315be46f9f890688b0
SHA1

ea27d8d9942cfb965924246fbea8b3bd24a1ade3
SHA256

af1f43c1d7f420ce83fa08a41227a4680869fa1a9f86a0aba5b982f1e53bae55
SHA512

15a520a26de9ff5911d169802b0c5674e090badc7ee55f199e889994d4e65200207ece0ad587070aee1257c71a6ad52fcf6e834bce898409e94c88e1fa551b99
SSDEEP

192:96BNWJ+Fs3qnZID0W9NzWLDU41PljFNtzck4Y9xM33YLjc1Mi6QNu8:96BNWGlZIAWfzWLDn3tzc2nc+i7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 4904	3548	rundll32.exe	80
PID 3548 wrote to memory of 4904	3548	rundll32.exe	80
PID 3548 wrote to memory of 4904	3548	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af1f43c1d7f420ce83fa08a41227a4680869fa1a9f86a0aba5b982f1e53bae55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af1f43c1d7f420ce83fa08a41227a4680869fa1a9f86a0aba5b982f1e53bae55.dll,#1
  2⤵
  PID:4904

memory/4904-133-0x0000000071AD0000-0x0000000071ADA000-memory.dmp

Filesize
40KB

Download