fd44268ab97278690d930fe3d0312eb195c4b91482c8432fc8e442741b8380fa

Analysis

max time kernel
186s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 23:52

Target

fd44268ab97278690d930fe3d0312eb195c4b91482c8432fc8e442741b8380fa.dll
Size

339KB
MD5

e194c5233bfdb0aa3c7806da701d5e07
SHA1

aac896db833d64099d50f0d9db86e0ce2c389141
SHA256

fd44268ab97278690d930fe3d0312eb195c4b91482c8432fc8e442741b8380fa
SHA512

202a38b5a0277047dbcb8566cc6d7254dc3db9a94d1eeed8834524d822fa56b96a6f8d5db02e3c6acd471ad220c5d379404455f56aff0c65327cb5ffa4200bfe
SSDEEP

6144:eZ1bPa/JL0RYkUMCtIXE7FY33oRQ8gCoIT+OhjF8mWK4ZvCngWWIK:eDFktx7F2MpPlOmWKgKngWvK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3932 wrote to memory of 4516	3932	rundll32.exe	83
PID 3932 wrote to memory of 4516	3932	rundll32.exe	83
PID 3932 wrote to memory of 4516	3932	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd44268ab97278690d930fe3d0312eb195c4b91482c8432fc8e442741b8380fa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fd44268ab97278690d930fe3d0312eb195c4b91482c8432fc8e442741b8380fa.dll,#1
  2⤵
  PID:4516

memory/4516-133-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download