ca7a4890e074ee7c7438eda8ed33c865c677f612b9cb7622d62cc61eea094480

Analysis

max time kernel
167s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:53

Target

ca7a4890e074ee7c7438eda8ed33c865c677f612b9cb7622d62cc61eea094480.dll
Size

295KB
MD5

d020289fe77a420dddd1407e2232bfd1
SHA1

dbda6779fb2bd174d170d0930742ba05daf06479
SHA256

ca7a4890e074ee7c7438eda8ed33c865c677f612b9cb7622d62cc61eea094480
SHA512

4b110df3f8b40aa4bd247b14f859fd6a533bc5e1b1a44f86302274fc596f2f72278b3bf01e35081b002b5f02b2f659138620e577d0af8c866148e2361f3027bf
SSDEEP

6144:dwpXDkteSHrqj8X5QmkOzEOQEt72BsNdV5Y9Ojg:daDkteS2YauzEZMKyNLu8s

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3440 wrote to memory of 4336	3440	rundll32.exe	83
PID 3440 wrote to memory of 4336	3440	rundll32.exe	83
PID 3440 wrote to memory of 4336	3440	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca7a4890e074ee7c7438eda8ed33c865c677f612b9cb7622d62cc61eea094480.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca7a4890e074ee7c7438eda8ed33c865c677f612b9cb7622d62cc61eea094480.dll,#1
  2⤵
  PID:4336

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 4336 -ip 4336
1⤵
PID:4200

memory/4336-133-0x0000000010000000-0x00000000100A2000-memory.dmp

Filesize
648KB

Download