a5bb3b2449654dd7ab8dd4922737a2f5e3d066f0079453be65a34b1ae90edc90

Analysis

max time kernel
149s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 11:06

Target

a5bb3b2449654dd7ab8dd4922737a2f5e3d066f0079453be65a34b1ae90edc90.dll
Size

124KB
MD5

bcf3013f8fc19a56ba7f008e369e08aa
SHA1

810050925435893f9f78a2ff1b3db92297e3dbe3
SHA256

a5bb3b2449654dd7ab8dd4922737a2f5e3d066f0079453be65a34b1ae90edc90
SHA512

a9bd8fb62fe301593dda36fad6be856ccfc638fbbed74a49a43b8792092c7efc2de298396483fe8cc6affcf472a47192394f3059ce20e7f7cf1f1e70b10449da
SSDEEP

3072:gXHOeUTg7o0HEVhkPK7Hm4Jg63cASrJYVY3pfwjlySv9nrPOD:abUT10LPKQN1pfwxRPOD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1428 wrote to memory of 3552	1428	rundll32.exe	78
PID 1428 wrote to memory of 3552	1428	rundll32.exe	78
PID 1428 wrote to memory of 3552	1428	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bb3b2449654dd7ab8dd4922737a2f5e3d066f0079453be65a34b1ae90edc90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bb3b2449654dd7ab8dd4922737a2f5e3d066f0079453be65a34b1ae90edc90.dll,#1
  2⤵
  PID:3552

memory/3552-133-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download
memory/3552-134-0x0000000000BE0000-0x0000000000BEA000-memory.dmp

Filesize
40KB

Download
memory/3552-138-0x0000000010000000-0x000000001002A000-memory.dmp

Filesize
168KB

Download