5da2988755c4468663366596632534d72b9d77489587c225821514ff9113acf8

Analysis

max time kernel
155s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 02:18

Target

5da2988755c4468663366596632534d72b9d77489587c225821514ff9113acf8.dll
Size

484KB
MD5

0c23202daf737326de2904c915ff0133
SHA1

9f610e80587f08dc25f7db198d933fb6533dd9c9
SHA256

5da2988755c4468663366596632534d72b9d77489587c225821514ff9113acf8
SHA512

1fa75396286c96b96124d9384290e218b6eddb4dcaa22611c3594c599361a10489b83ab91881118d5f17015ed7e8324321d4864c6b929ecd91571b3670285566
SSDEEP

6144:sdoSityBcrECwzKPmMOSF1ck5zmX19hDCXZTPjbiqUyu5oCDAPA:0hOa7Cwve1c4mX19BC1u5o2EA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2092 wrote to memory of 3068	2092	rundll32.exe	80
PID 2092 wrote to memory of 3068	2092	rundll32.exe	80
PID 2092 wrote to memory of 3068	2092	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da2988755c4468663366596632534d72b9d77489587c225821514ff9113acf8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5da2988755c4468663366596632534d72b9d77489587c225821514ff9113acf8.dll,#1
  2⤵
  PID:3068

memory/3068-133-0x000000004A800000-0x000000004A879000-memory.dmp

Filesize
484KB

Download