a8e6cbe688c7d29813329aada60488b9359cfc36478567ca0acd18ac2889f5a7

Analysis

max time kernel
111s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 02:01

Target

a8e6cbe688c7d29813329aada60488b9359cfc36478567ca0acd18ac2889f5a7.dll
Size

104KB
MD5

5b8da3790242596e66a7ec948cc56590
SHA1

1e172cc81f5912d623d6527fed4f79f583732797
SHA256

a8e6cbe688c7d29813329aada60488b9359cfc36478567ca0acd18ac2889f5a7
SHA512

b40323a22e392bc4757d56ce7b6b14cde0082b4b7339a7ece3e4649b7f7c3fa6837fb3b3b9353ff213658140cb105a17f51967fa2a7a6473ff3d170cd8f362ae
SSDEEP

1536:K0S8W8byozctUIBwRDacenH4Dyo/JrV9LrBH1OC5rggwHWQFgE/XuCdg0d/T85Ub:KqHzcALu/2U6k+QmUb0rwn9COeXtbj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81
PID 5028 wrote to memory of 4540	5028	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8e6cbe688c7d29813329aada60488b9359cfc36478567ca0acd18ac2889f5a7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8e6cbe688c7d29813329aada60488b9359cfc36478567ca0acd18ac2889f5a7.dll,#1
  2⤵
  PID:4540

memory/4540-136-0x000000006D390000-0x000000006D3AE000-memory.dmp

Filesize
120KB

Download