f3ad50b79f8d244420df1e83eb5f1ff5d9cc79a108984661c4e5c79d76316bbd

Analysis

max time kernel
143s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 12:08

Target

f3ad50b79f8d244420df1e83eb5f1ff5d9cc79a108984661c4e5c79d76316bbd.dll
Size

84KB
MD5

dbc18b41295ee883a713a00db53e38a7
SHA1

90dd6cf337f1349d563eb76d384ce5e1fd40526f
SHA256

f3ad50b79f8d244420df1e83eb5f1ff5d9cc79a108984661c4e5c79d76316bbd
SHA512

4b45d8aeb485a961b8ab7148b1a9747d07f3e18ccc37de984a8e3a197a04230afb008f1beccf73d684cf194887283a4cb77fb92b59acd8cac9ef56a79393a3a3
SSDEEP

1536:cmdQZtTFHGi+9iZv2HnEfflZq+WIIle6jjSA:cm2ZFhGd9iZRfrqU8jx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 380	4668	rundll32.exe	80
PID 4668 wrote to memory of 380	4668	rundll32.exe	80
PID 4668 wrote to memory of 380	4668	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3ad50b79f8d244420df1e83eb5f1ff5d9cc79a108984661c4e5c79d76316bbd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3ad50b79f8d244420df1e83eb5f1ff5d9cc79a108984661c4e5c79d76316bbd.dll,#1
  2⤵
  PID:380

memory/380-132-0x0000000000000000-mapping.dmp

Download
memory/380-133-0x0000000002CA0000-0x0000000002CAD000-memory.dmp

Filesize
52KB

Download
memory/380-134-0x0000000002CB0000-0x0000000002CBD000-memory.dmp

Filesize
52KB

Download