f56cd7d2bc616fce85071d9dbec24c9ce8d59431cada256d73fd6c5de9daa4d8

Analysis

max time kernel
168s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 16:10

Target

f56cd7d2bc616fce85071d9dbec24c9ce8d59431cada256d73fd6c5de9daa4d8.dll
Size

32KB
MD5

d02151546841ad650d5ffb8fbe197555
SHA1

aca6559a1f98365ad400f27f4accd5207c25705a
SHA256

f56cd7d2bc616fce85071d9dbec24c9ce8d59431cada256d73fd6c5de9daa4d8
SHA512

0bd421d63df7e4850544c11b001827400abfa3f903e52e27e46d017d8cdce2d2f23f0158658759cad859f43ad4b7232b07e5ec26af0800f70af98cd87592519d
SSDEEP

768:WG9aSyxY6APlLFYuIEKyyfj/rECSZd/m8DjgyFpK0i:pgy6APlyoKyk0nZd/moFS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1388 wrote to memory of 1460	1388	rundll32.exe	83
PID 1388 wrote to memory of 1460	1388	rundll32.exe	83
PID 1388 wrote to memory of 1460	1388	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56cd7d2bc616fce85071d9dbec24c9ce8d59431cada256d73fd6c5de9daa4d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1388
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56cd7d2bc616fce85071d9dbec24c9ce8d59431cada256d73fd6c5de9daa4d8.dll,#1
  2⤵
  PID:1460

memory/1460-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download