caa0a10f82b5b2e92e201b0fe89a5cab7da82ff0acace6206b936b1b95368667

Analysis

max time kernel
202s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 13:33

Target

caa0a10f82b5b2e92e201b0fe89a5cab7da82ff0acace6206b936b1b95368667.dll
Size

22KB
MD5

67748c27fe7f4b47942c1a560bfff8e0
SHA1

8ae859b518c30cac9aed048100a7d7bbc9b85823
SHA256

caa0a10f82b5b2e92e201b0fe89a5cab7da82ff0acace6206b936b1b95368667
SHA512

619bf944fcdcc64ad10440e23e48b1b76e619b8f267957233bfdfabec228cd0e0e3ae6edaad312870544f7442114193e475b15608a5c629a60cfa117694242ef
SSDEEP

192:96BNWJ+Fs3qnZID0W9NzWLDU41PljFNtzck4Y9xM33YLjc1Mi6QNu8:96BNWGlZIAWfzWLDn3tzc2nc+i7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 4232	2752	rundll32.exe	81
PID 2752 wrote to memory of 4232	2752	rundll32.exe	81
PID 2752 wrote to memory of 4232	2752	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\caa0a10f82b5b2e92e201b0fe89a5cab7da82ff0acace6206b936b1b95368667.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\caa0a10f82b5b2e92e201b0fe89a5cab7da82ff0acace6206b936b1b95368667.dll,#1
  2⤵
  PID:4232

memory/4232-133-0x0000000071AD0000-0x0000000071ADA000-memory.dmp

Filesize
40KB

Download