a8130d3744c89f21a95f6cd9edd6fd73275ba8509632eb0de4ecb8b1b674db14

Analysis

max time kernel
146s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:30

Target

a8130d3744c89f21a95f6cd9edd6fd73275ba8509632eb0de4ecb8b1b674db14.dll
Size

75KB
MD5

fd156962e4a326406a48b3043556e47c
SHA1

938ce2cafb0906e645b95b64abf2a7a9f5962289
SHA256

a8130d3744c89f21a95f6cd9edd6fd73275ba8509632eb0de4ecb8b1b674db14
SHA512

3d7666aa481a57a20eb0b9fff7391e2b3a49bf85a212987a596449b001481e7b5ba1a5625278db30f48500e327c0794ffa4bab4dc8cc9dc02f6c4481e132aca5
SSDEEP

1536:IykzkaglhmWepxZSa3/TsNbEkTZCAhEay++H0nTmV7HdeECP:IFzkaQhmWepxZSiTK4Ah9y+U5deEA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 540 wrote to memory of 3356	540	rundll32.exe	80
PID 540 wrote to memory of 3356	540	rundll32.exe	80
PID 540 wrote to memory of 3356	540	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8130d3744c89f21a95f6cd9edd6fd73275ba8509632eb0de4ecb8b1b674db14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8130d3744c89f21a95f6cd9edd6fd73275ba8509632eb0de4ecb8b1b674db14.dll,#1
  2⤵
  PID:3356

memory/3356-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download