fe09dc50ff976a69be0ee757dc25704e1d135bafddddc6a6b6ae2c2ed0819e17

Analysis

max time kernel
136s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:24

Target

fe09dc50ff976a69be0ee757dc25704e1d135bafddddc6a6b6ae2c2ed0819e17.dll
Size

99KB
MD5

f4b43791d17e2870a097da3c33f49ef0
SHA1

d8f15eb93b87843984251e763435767e560b1ea0
SHA256

fe09dc50ff976a69be0ee757dc25704e1d135bafddddc6a6b6ae2c2ed0819e17
SHA512

f78bd140be6398fbdc6f02fefaaeed01d22acd5511e48d0d08fb568d7e8cdea829607124fcbc81e9322e69056a74df26235610a4c1b549296f1de14d3f26907d
SSDEEP

1536:TD6K271gp7DXHQ49A73RlbUJl+s9Q8BQ+VzraYPwYNAa16:TDGYLwwCRlbUms9Q8BQ8fFP/8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3880 wrote to memory of 4012	3880	rundll32.exe	79
PID 3880 wrote to memory of 4012	3880	rundll32.exe	79
PID 3880 wrote to memory of 4012	3880	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe09dc50ff976a69be0ee757dc25704e1d135bafddddc6a6b6ae2c2ed0819e17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe09dc50ff976a69be0ee757dc25704e1d135bafddddc6a6b6ae2c2ed0819e17.dll,#1
  2⤵
  PID:4012

memory/4012-134-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download