be4c9704b13b8645057847ee2421f00f5f3dccd3083523f5326f34f1732046d7

Analysis

max time kernel
204s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:49

Target

be4c9704b13b8645057847ee2421f00f5f3dccd3083523f5326f34f1732046d7.dll
Size

246KB
MD5

cd79b6e43c475f027aaf374981e9e454
SHA1

617d973b6f38771606d6151dcbc5e1169214ffe2
SHA256

be4c9704b13b8645057847ee2421f00f5f3dccd3083523f5326f34f1732046d7
SHA512

8862bf640ce54edf07c9c35f4eec65f073147714f3f97a642648f9d37f264001be9d121331f656c53a2c361d8aa0bff1744a6d6fd7f2a06885f6e0d9e7f3e290
SSDEEP

3072:DoyxvfGcdkZYR4gL38qJUeUdrqnS27i837hRM9DiulzVx9:DoQf5dGYugL3/i8rhRMME

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4412 wrote to memory of 1152	4412	rundll32.exe	80
PID 4412 wrote to memory of 1152	4412	rundll32.exe	80
PID 4412 wrote to memory of 1152	4412	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4c9704b13b8645057847ee2421f00f5f3dccd3083523f5326f34f1732046d7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4412
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\be4c9704b13b8645057847ee2421f00f5f3dccd3083523f5326f34f1732046d7.dll,#1
  2⤵
  PID:1152

memory/1152-133-0x0000000010000000-0x0000000010040000-memory.dmp

Filesize
256KB

Download