fce01c6a42547d70768be09af86546a2d5c009719215917b6be9320b0f940b48

Analysis

max time kernel
163s
max time network
177s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:30

Target

fce01c6a42547d70768be09af86546a2d5c009719215917b6be9320b0f940b48.dll
Size

120KB
MD5

dc90ee431423c9e15073c8f63192b0d3
SHA1

1d4b85ee877b87e42f2fdcb97df968c5f602aa66
SHA256

fce01c6a42547d70768be09af86546a2d5c009719215917b6be9320b0f940b48
SHA512

1cf77b501f1e956737e41e09e7d775199515c34d74b697eb1c423ad991b4c92436a98c4cdaec0cc10cbb90c5e92519594d5ca27641ac11d149c29a6788cd2df1
SSDEEP

3072:eWGW3Cj1j0DEx4SMMdRPw8oiD06IxcHoutBY3:6j1j0DEx4SMMdRo8ND0BxcHoSK3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 4952	2084	rundll32.exe	46
PID 2084 wrote to memory of 4952	2084	rundll32.exe	46
PID 2084 wrote to memory of 4952	2084	rundll32.exe	46

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fce01c6a42547d70768be09af86546a2d5c009719215917b6be9320b0f940b48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fce01c6a42547d70768be09af86546a2d5c009719215917b6be9320b0f940b48.dll,#1
  2⤵
  PID:4952

memory/4952-133-0x0000000010000000-0x000000001001F000-memory.dmp

Filesize
124KB

Download