abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 09:21

Target

abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll
Size

60KB
MD5

b787fbc8ce368ec764443072e981e66d
SHA1

882f9ff531822b60ae51b185ed89eb7059876086
SHA256

abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba
SHA512

5344dcd6c246d0f2d080b9442e392b9e962674c55c5fd21e6d7a955f85659abe8760407e85ad47bb117b4a208f0de0841de8fc797ea8889f99d8dd2da5e78e28
SSDEEP

768:e9htYuxxMz4m/0+m45dC66lsgrgipeaddlrTpEMaqZFI6rF2zRb1sueIxz9IsSnH:kVSzqiAls+gi0wvphy8F2zRb1suL9cH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1592 wrote to memory of 1496	1592	rundll32.exe	17
PID 1592 wrote to memory of 1496	1592	rundll32.exe	17
PID 1592 wrote to memory of 1496	1592	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1592
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abee264073aa49e62ba8983804134009f874f1079b2fb4721046ead8dc9363ba.dll,#1
  2⤵
  PID:1496

memory/1496-133-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download