93bc8db25bacc1c3415c186d2844841342613f1540a536bfbe7808e3880ba1fc

Analysis

max time kernel
112s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:24

Target

93bc8db25bacc1c3415c186d2844841342613f1540a536bfbe7808e3880ba1fc.dll
Size

67KB
MD5

0717d94c22e462adde668627f01d28c4
SHA1

6287355c94bc736c9a91fd255b831b0db01a7d44
SHA256

93bc8db25bacc1c3415c186d2844841342613f1540a536bfbe7808e3880ba1fc
SHA512

cae401ea45257c5e3ecde70714654c57492fdebaa436a4446f31ff25f149d40a3eee62a564e866c77bffc2edf1951f8ea6c9d158beb5932d1bfa07fbcfa971bb
SSDEEP

1536:LCnK+Gmtwj1GNWFVvW22oSMk5voF/RxALXD4y27BXUou:qExGNWFVvWjuk5v2pxALXDrcBXUou

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4928 wrote to memory of 4828	4928	rundll32.exe	81
PID 4928 wrote to memory of 4828	4928	rundll32.exe	81
PID 4928 wrote to memory of 4828	4928	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93bc8db25bacc1c3415c186d2844841342613f1540a536bfbe7808e3880ba1fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93bc8db25bacc1c3415c186d2844841342613f1540a536bfbe7808e3880ba1fc.dll,#1
  2⤵
  PID:4828

memory/4828-133-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download