61fec085cee5a72d6fcb36840410187cc77d63c9563d1810e35159476a67a239

Analysis

max time kernel
114s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 21:38

Target

61fec085cee5a72d6fcb36840410187cc77d63c9563d1810e35159476a67a239.dll
Size

359KB
MD5

b021ddb2f1d69036c000e52cdc27acf5
SHA1

ab14bca7059cd13fcce6c58caa19bd9f602993ae
SHA256

61fec085cee5a72d6fcb36840410187cc77d63c9563d1810e35159476a67a239
SHA512

76e349109f73f4eaffc55784d37e1b52392910909eb357760eb5de8fbf21531d65d343e58e02f6b5f46f9a46a5fed804539230a7eb12a48696a3f24978e93ce1
SSDEEP

6144:9pwM3I4nEYm2WLZz9PGGISkraoIX4NRZLLd/BZpymJZBS+tSfEwv5wyQ:skI4nJmRz9PGGjkrgoN9Ppymfkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2140 wrote to memory of 2992	2140	rundll32.exe	80
PID 2140 wrote to memory of 2992	2140	rundll32.exe	80
PID 2140 wrote to memory of 2992	2140	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61fec085cee5a72d6fcb36840410187cc77d63c9563d1810e35159476a67a239.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61fec085cee5a72d6fcb36840410187cc77d63c9563d1810e35159476a67a239.dll,#1
  2⤵
  PID:2992

memory/2992-133-0x0000000073E70000-0x0000000073F25000-memory.dmp

Filesize
724KB

Download
memory/2992-134-0x0000000073E70000-0x0000000073F25000-memory.dmp

Filesize
724KB

Download