b694fa7ac0cca4f264adf9bdc32f348ca12708cfee4acf6d98fffaaa48b60e0b

Analysis

max time kernel
274s
max time network
380s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 19:44

Target

b694fa7ac0cca4f264adf9bdc32f348ca12708cfee4acf6d98fffaaa48b60e0b.dll
Size

10KB
MD5

89c6c32942dca2a8cf751a5b75042ed3
SHA1

5b6b288407c697a42994b5767af0c957e39a6ad8
SHA256

b694fa7ac0cca4f264adf9bdc32f348ca12708cfee4acf6d98fffaaa48b60e0b
SHA512

8dd3abd33e985eb49d016f18d7aea039c657d1969c9bc652c244652a505b00a6eefc7df7301e497d630d889c8febcc1c9a31f28c8f5f5568f4f7650d08d32742
SSDEEP

192:qDLw8dHabRDEgtHyl0NSypWak6HVdW3yWak8QjdW3w92b:kldHad/N20IypWak8dWiWak8EdW7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 3104	1356	rundll32.exe	79
PID 1356 wrote to memory of 3104	1356	rundll32.exe	79
PID 1356 wrote to memory of 3104	1356	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b694fa7ac0cca4f264adf9bdc32f348ca12708cfee4acf6d98fffaaa48b60e0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b694fa7ac0cca4f264adf9bdc32f348ca12708cfee4acf6d98fffaaa48b60e0b.dll,#1
  2⤵
  PID:3104

memory/3104-133-0x000000006D991000-0x000000006D993000-memory.dmp

Filesize
8KB

Download