a147c5514ac9f92c17fd988e865536f4f5b4e09c357d6a7421df76547be92a34

Analysis

max time kernel
182s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 10:33

Target

a147c5514ac9f92c17fd988e865536f4f5b4e09c357d6a7421df76547be92a34.dll
Size

137KB
MD5

a30749666bd37e2ee9eef34303ddd4e0
SHA1

8d4412c9fcadb6c4a819f79aef2a2c2dcc9288cb
SHA256

a147c5514ac9f92c17fd988e865536f4f5b4e09c357d6a7421df76547be92a34
SHA512

6f1dba9093b7829a5c6263107e0441638a81e600a9bd2e61eab30c38c38755e0c61bb5d3f58d83a17659a83ca066e4037101ce69ab0b86a49bd546a4e30c7712
SSDEEP

3072:i8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXx60IL/:i8w6D4Kotup0LWI+fS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 1344	2300	rundll32.exe	80
PID 2300 wrote to memory of 1344	2300	rundll32.exe	80
PID 2300 wrote to memory of 1344	2300	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a147c5514ac9f92c17fd988e865536f4f5b4e09c357d6a7421df76547be92a34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a147c5514ac9f92c17fd988e865536f4f5b4e09c357d6a7421df76547be92a34.dll,#1
  2⤵
  PID:1344

memory/1344-132-0x0000000000000000-mapping.dmp

Download
memory/1344-133-0x0000000000EE0000-0x0000000000F0B000-memory.dmp

Filesize
172KB

Download