9462aa175449b80b4d454d76693c48dd12fcd12079dcb18ab985b125f1c82af2

Analysis

max time kernel
175s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 12:10

Target

9462aa175449b80b4d454d76693c48dd12fcd12079dcb18ab985b125f1c82af2.dll
Size

49KB
MD5

870aff0ad1c9782d1e7d669760b25614
SHA1

bffc01caa241df49aa6dd4459e45b1ba9eb64cc7
SHA256

9462aa175449b80b4d454d76693c48dd12fcd12079dcb18ab985b125f1c82af2
SHA512

876c7e2dd06e7a566c51fc981d8515f3a19d5689885fb112a838ec978de99fef56dd5f1a2cd9782d1cecabcbaa09b96f3dbffea2999cda59203f7f9b41dfb1ab
SSDEEP

768:KhfOpeT8Z4ca2MmJs6UDgYzjifcXWjBY6eQlnB/qn8pU0HT:Ome7cDSfz+UXGBY6tu0HT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 312 wrote to memory of 3680	312	rundll32.exe	83
PID 312 wrote to memory of 3680	312	rundll32.exe	83
PID 312 wrote to memory of 3680	312	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9462aa175449b80b4d454d76693c48dd12fcd12079dcb18ab985b125f1c82af2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9462aa175449b80b4d454d76693c48dd12fcd12079dcb18ab985b125f1c82af2.dll,#1
  2⤵
  PID:3680

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 460 -p 3680 -ip 3680
1⤵
PID:2952

memory/3680-133-0x0000000010000000-0x0000000010021000-memory.dmp

Filesize
132KB

Download