fdbcdf02ba716489e11c5b40df6f3a6f3ef1a835245ab728767cd1c23ef11218

Analysis

max time kernel
172s
max time network
206s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 18:13

Target

fdbcdf02ba716489e11c5b40df6f3a6f3ef1a835245ab728767cd1c23ef11218.dll
Size

80KB
MD5

50f5102f5e0c7455d6e2fcbddb5fb9b8
SHA1

c84b911b7cee422221797d742cb5c5e7b1504571
SHA256

fdbcdf02ba716489e11c5b40df6f3a6f3ef1a835245ab728767cd1c23ef11218
SHA512

d4b9e9fb269993059417eef2d988dcd755615b35344699e7d4b3309085499e6da0462c70f8f45ee23d9d1f4b4af22af7a137670700cf3101723fd464822c2905
SSDEEP

1536:asG9rrQiDkUVWCcZ0HdIxQiWH0qeOshxWhrZja:asG9fQiDkqyZ0uM0qeOsDWfja

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 4556	1532	rundll32.exe	81
PID 1532 wrote to memory of 4556	1532	rundll32.exe	81
PID 1532 wrote to memory of 4556	1532	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdbcdf02ba716489e11c5b40df6f3a6f3ef1a835245ab728767cd1c23ef11218.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fdbcdf02ba716489e11c5b40df6f3a6f3ef1a835245ab728767cd1c23ef11218.dll,#1
  2⤵
  PID:4556

memory/4556-133-0x0000000000BE0000-0x0000000000BED000-memory.dmp

Filesize
52KB

Download
memory/4556-135-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/4556-138-0x0000000000BE0000-0x0000000000BED000-memory.dmp

Filesize
52KB

Download