baf7c50fb08142fed40cd33434671aece9734af9c66a3a1f00638ce92bbfb86d

Analysis

max time kernel
91s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 08:32

Target

baf7c50fb08142fed40cd33434671aece9734af9c66a3a1f00638ce92bbfb86d.dll
Size

19KB
MD5

61ab5a262a4f9af4f2530c5088454d30
SHA1

49c31fba857f87c2933bb5a74f62b6c2e24f9e8d
SHA256

baf7c50fb08142fed40cd33434671aece9734af9c66a3a1f00638ce92bbfb86d
SHA512

f7c0653328e226e4055d8212c432ae3ca8d27dad2f80c4357f74ecbba8cf701915aba843337265fa39636ef8fb7095055385ef4d5031e5d533128ba795221e4e
SSDEEP

384:qcuBjethO3Um7faB1lGqhwK5CqY11CirL8fGj42ZvvrBnwd4:qBCqTu1lGqhr5CP1us1BvNwd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 2124	5036	rundll32.exe	81
PID 5036 wrote to memory of 2124	5036	rundll32.exe	81
PID 5036 wrote to memory of 2124	5036	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7c50fb08142fed40cd33434671aece9734af9c66a3a1f00638ce92bbfb86d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7c50fb08142fed40cd33434671aece9734af9c66a3a1f00638ce92bbfb86d.dll,#1
  2⤵
  PID:2124

memory/2124-133-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download