73b8555699ea455f437aaf1f1e648ff0736be9d2fb602dc34a5035b67b775fa5

Analysis

max time kernel
156s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:34

Target

73b8555699ea455f437aaf1f1e648ff0736be9d2fb602dc34a5035b67b775fa5.dll
Size

22KB
MD5

8d253120b81526f6b3312450fad96b00
SHA1

1bb3af6126f8e6f8e3b8d7dd10c2a5243e041637
SHA256

73b8555699ea455f437aaf1f1e648ff0736be9d2fb602dc34a5035b67b775fa5
SHA512

fe45c7bc98bdb1bb3d099335396da2d5b803e24e20b17cc227d6440e4abfa69eb919bef519fcc6076c40b41d4dad9e5436d3ac792a5e33be513ebe38a8b8cb5c
SSDEEP

192:96BNWJ+Fs3qnZID0W9NzWLDU41PljFNtzck4Y9xM33YLjc1Mi6QNu8:96BNWGlZIAWfzWLDn3tzc2nc+i7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 4372	1680	rundll32.exe	80
PID 1680 wrote to memory of 4372	1680	rundll32.exe	80
PID 1680 wrote to memory of 4372	1680	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73b8555699ea455f437aaf1f1e648ff0736be9d2fb602dc34a5035b67b775fa5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\73b8555699ea455f437aaf1f1e648ff0736be9d2fb602dc34a5035b67b775fa5.dll,#1
  2⤵
  PID:4372

memory/4372-133-0x0000000071AD0000-0x0000000071ADA000-memory.dmp

Filesize
40KB

Download