fb01171b197ca6cd7b9664e30e615c8b27f78d7dfaef96e779d5331005add062

Analysis

max time kernel
159s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 12:11

Target

fb01171b197ca6cd7b9664e30e615c8b27f78d7dfaef96e779d5331005add062.dll
Size

32KB
MD5

41519f6ce4bd8afeb0a77692b625aa05
SHA1

6e9efb8910acc8df0642ef55efd17f7d5764065f
SHA256

fb01171b197ca6cd7b9664e30e615c8b27f78d7dfaef96e779d5331005add062
SHA512

dd2baad79604acc9ff145b8e84c0eb5f3c0c09781e7ae9e8ab37743f704bdcb2800dc7a934534f76aa3ad36e6b4152335ba723f522dc0991a8bfd1117b3a00ea
SSDEEP

192:g96Ki8WpOFuNlDAtXOdlzps/VeWgs/cGOsSvSZhRWMQLQy8TMV:+VFuNlDCXWz2/VeFZzvSZfW1Z84

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 1568	380	rundll32.exe	81
PID 380 wrote to memory of 1568	380	rundll32.exe	81
PID 380 wrote to memory of 1568	380	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb01171b197ca6cd7b9664e30e615c8b27f78d7dfaef96e779d5331005add062.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb01171b197ca6cd7b9664e30e615c8b27f78d7dfaef96e779d5331005add062.dll,#1
  2⤵
  PID:1568

memory/1568-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download