ba6854d54a75ab9658ea1af4b8c9de98b04a8e65078e8ccd81f342b5b036efae

Analysis

max time kernel
139s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 18:14

Target

ba6854d54a75ab9658ea1af4b8c9de98b04a8e65078e8ccd81f342b5b036efae.dll
Size

72KB
MD5

15b44a05aede71afeb025c4bce1b1879
SHA1

8122f5aeed8fd9940bce70aef58dfe1ced435df2
SHA256

ba6854d54a75ab9658ea1af4b8c9de98b04a8e65078e8ccd81f342b5b036efae
SHA512

8954e1c91f342c3f40bf4c94081dcbfc6d84f503ccaa18b44f3309a5fb3202137cd6b36f9262dc0a9887cbc2eda20f8b7b6a0071b9d3e5c78140c8f07d444516
SSDEEP

1536:2o979Zat3ieNiBMUUz2N7TwwToBwpe7YhOq5:2oFbK32Mtz8hoBw87/q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4236 wrote to memory of 4248	4236	rundll32.exe	80
PID 4236 wrote to memory of 4248	4236	rundll32.exe	80
PID 4236 wrote to memory of 4248	4236	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6854d54a75ab9658ea1af4b8c9de98b04a8e65078e8ccd81f342b5b036efae.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6854d54a75ab9658ea1af4b8c9de98b04a8e65078e8ccd81f342b5b036efae.dll,#1
  2⤵
  PID:4248

memory/4248-132-0x0000000000000000-mapping.dmp

Download
memory/4248-133-0x0000000001280000-0x000000000128A000-memory.dmp

Filesize
40KB

Download
memory/4248-135-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/4248-137-0x0000000001280000-0x000000000128A000-memory.dmp

Filesize
40KB

Download
memory/4248-138-0x0000000001280000-0x000000000128A000-memory.dmp

Filesize
40KB

Download