a3a4616317c7d057037ecffa4d874bd01221212d16d09998c91a2ce450ef4f7f

Analysis

max time kernel
193s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 10:18

Target

a3a4616317c7d057037ecffa4d874bd01221212d16d09998c91a2ce450ef4f7f.dll
Size

237KB
MD5

42c7f1c28da74d2414f1656144682aa9
SHA1

5bbe4c464b3e3753c58b012c59460c5b9f485b58
SHA256

a3a4616317c7d057037ecffa4d874bd01221212d16d09998c91a2ce450ef4f7f
SHA512

50f15ae67961fd38857de32bb9554f4431404bccbda015738ed1c74a4d9f631533987ac0af9c581a86c35759c179027c655bfaf8de3b94630f09b71e31be9bcb
SSDEEP

3072:yVVeKtrGhpYuzuw1ILmocTU5r5/mmr/zZbtjjeIT+p7tmX1m8SDn:67rGrh1E959+mrlbtitmE8SD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 1172	4160	rundll32.exe	81
PID 4160 wrote to memory of 1172	4160	rundll32.exe	81
PID 4160 wrote to memory of 1172	4160	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a4616317c7d057037ecffa4d874bd01221212d16d09998c91a2ce450ef4f7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a3a4616317c7d057037ecffa4d874bd01221212d16d09998c91a2ce450ef4f7f.dll,#1
  2⤵
  PID:1172

memory/1172-133-0x0000000001EA0000-0x0000000001ECE000-memory.dmp

Filesize
184KB

Download
memory/1172-134-0x0000000001ED0000-0x0000000001F0F000-memory.dmp

Filesize
252KB

Download
memory/1172-135-0x0000000001F40000-0x0000000001F6E000-memory.dmp

Filesize
184KB

Download