bddbf5fb0185eab9cb1cff90c7cb01c8f80d4b85e907c38a21ecb333be2ecb5d

Analysis

max time kernel
122s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 01:27

Target

bddbf5fb0185eab9cb1cff90c7cb01c8f80d4b85e907c38a21ecb333be2ecb5d.dll
Size

134KB
MD5

7f7fe1d18ce9ec0628b3fb4714cc119b
SHA1

f954d7df35c5fa3ed5ac4a09a123e7fb9d6d13f8
SHA256

bddbf5fb0185eab9cb1cff90c7cb01c8f80d4b85e907c38a21ecb333be2ecb5d
SHA512

6d9f60ab02d7aa55336a4b8476d590ed04523c0e04a86f91e3dd37496398ef798038e2a5a93a17eae2d8487b2c3c0636f820451bc81a143ce985c59d3f5555ec
SSDEEP

1536:LsIuIJkuvfZ/AuwMQvQ+5hd3ebcLViUqSecVuYXKc6nuPK+vp2A0XQpedFPQVHou:4NyxvfG1IgfObdzJdc6nuPKSpxpWUog

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2632 wrote to memory of 2260	2632	rundll32.exe	81
PID 2632 wrote to memory of 2260	2632	rundll32.exe	81
PID 2632 wrote to memory of 2260	2632	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bddbf5fb0185eab9cb1cff90c7cb01c8f80d4b85e907c38a21ecb333be2ecb5d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bddbf5fb0185eab9cb1cff90c7cb01c8f80d4b85e907c38a21ecb333be2ecb5d.dll,#1
  2⤵
  PID:2260

memory/2260-132-0x0000000000000000-mapping.dmp

Download
memory/2260-133-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download