d7fba6d0a809febd6173920facc54ecd7139f6198cab9eb50527ef898d223b88

Analysis

max time kernel
196s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 09:38

Target

d7fba6d0a809febd6173920facc54ecd7139f6198cab9eb50527ef898d223b88.dll
Size

144KB
MD5

fa085a0cc51b2a481e88bf472d3b537e
SHA1

87bdbc2d7b5e7098c6ddd6d25a71f64599e29206
SHA256

d7fba6d0a809febd6173920facc54ecd7139f6198cab9eb50527ef898d223b88
SHA512

053519ea88403503ef29d551d086026d691cce21735b82e5917344b6dbbb2af6edad2c787958d3eafd3c23792c38cb2e929c8ba7c6c8c903c74f39d675d932a1
SSDEEP

3072:j6/XfqjVEi9VuP0BrVt5J9nMxwqVrRwDyY:tjFVuCrpJ5AwqVrRwD3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2844 wrote to memory of 2804	2844	rundll32.exe	80
PID 2844 wrote to memory of 2804	2844	rundll32.exe	80
PID 2844 wrote to memory of 2804	2844	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7fba6d0a809febd6173920facc54ecd7139f6198cab9eb50527ef898d223b88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d7fba6d0a809febd6173920facc54ecd7139f6198cab9eb50527ef898d223b88.dll,#1
  2⤵
  PID:2804

memory/2804-133-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download
memory/2804-134-0x0000000010000000-0x0000000010025000-memory.dmp

Filesize
148KB

Download