b8a144901ede64beef3fe90994d385c89ce458745312a8b1e891ccfa56af746c

Analysis

max time kernel
156s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 07:54

Target

b8a144901ede64beef3fe90994d385c89ce458745312a8b1e891ccfa56af746c.dll
Size

66KB
MD5

b29b65775b310b39bc7af243760b43c0
SHA1

999fe047e2b0cd9779ea884a1482ba2b46e23746
SHA256

b8a144901ede64beef3fe90994d385c89ce458745312a8b1e891ccfa56af746c
SHA512

953af48d5b7a27e905956abc1a6846c98a374da4266a774fe0f0d6745b9fb852ea4b36eaaab42b89dda915461140e1ef8dcdf6739d1d219990f2dd6f5666c875
SSDEEP

1536:nU6agmE+0tTtmB1tiwvX6ATLr9qUwqJk3/oovc6XPc:nU4H+0tc3hX6OPgUwkI/XvhPc

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 916	1108	rundll32.exe	55
PID 1108 wrote to memory of 916	1108	rundll32.exe	55
PID 1108 wrote to memory of 916	1108	rundll32.exe	55

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8a144901ede64beef3fe90994d385c89ce458745312a8b1e891ccfa56af746c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8a144901ede64beef3fe90994d385c89ce458745312a8b1e891ccfa56af746c.dll,#1
  2⤵
  PID:916

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 916 -ip 916
1⤵
PID:1848

memory/916-132-0x0000000000000000-mapping.dmp

Download
memory/916-133-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download