69e1b64884829a8a8a87119b604d6228f19a119b00bae7f3630c0080509fd07d

Analysis

max time kernel
164s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 13:55

Target

69e1b64884829a8a8a87119b604d6228f19a119b00bae7f3630c0080509fd07d.dll
Size

14KB
MD5

c56fc036a77995a09d39bcae3f3d9b10
SHA1

716142108c8d6b2f2803edbb8a929ef0ca33c4fa
SHA256

69e1b64884829a8a8a87119b604d6228f19a119b00bae7f3630c0080509fd07d
SHA512

63472b6806b82772c9abb5cff255e9032603bd530b51c05e5d66b7bcc0507cbb3606061700f5fd6aa14b69ea077c22a0c6c2023381dd0543d0eb520cc75a17b7
SSDEEP

384:45FBoPTQGr+dcW4WmmKUzqDrI8r5a/pRESwVsr+ax:4HCPTbrcenD881aoSk0P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4888	4844	rundll32.exe	79
PID 4844 wrote to memory of 4888	4844	rundll32.exe	79
PID 4844 wrote to memory of 4888	4844	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\69e1b64884829a8a8a87119b604d6228f19a119b00bae7f3630c0080509fd07d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\69e1b64884829a8a8a87119b604d6228f19a119b00bae7f3630c0080509fd07d.dll,#1
  2⤵
  PID:4888

memory/4888-132-0x0000000000000000-mapping.dmp

Download
memory/4888-133-0x0000000010000000-0x0000000010008000-memory.dmp

Filesize
32KB

Download