5d54290fa001c12b5a4a4db2cb1fd905f306c0756e46fd7642835c55ff111c40

Analysis

max time kernel
174s
max time network
226s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 19:43

Target

5d54290fa001c12b5a4a4db2cb1fd905f306c0756e46fd7642835c55ff111c40.dll
Size

22KB
MD5

69d2cf8f905757f66723945ba3617d60
SHA1

246e344283660085fec02206ba6fdeb7aa9394d8
SHA256

5d54290fa001c12b5a4a4db2cb1fd905f306c0756e46fd7642835c55ff111c40
SHA512

5a716365780adf83b0a03b61ee6c4910fb127b64a791c8541f60a4165c4248e0e3c36d938e993e3d8a289408effb0944ca0bd4bb73d528f67b8cb6214b41fd0d
SSDEEP

192:96BNWJ+Fs3qnZID0W9NzWLDU41PljFNtzck4Y9xM33YLjc1Mi6QNu8X:96BNWGlZIAWfzWLDn3tzc2nc+i7V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2076 wrote to memory of 4252	2076	rundll32.exe	84
PID 2076 wrote to memory of 4252	2076	rundll32.exe	84
PID 2076 wrote to memory of 4252	2076	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d54290fa001c12b5a4a4db2cb1fd905f306c0756e46fd7642835c55ff111c40.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2076
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d54290fa001c12b5a4a4db2cb1fd905f306c0756e46fd7642835c55ff111c40.dll,#1
  2⤵
  PID:4252

memory/4252-133-0x0000000071AD0000-0x0000000071ADA000-memory.dmp

Filesize
40KB

Download