baf7724a61d0b62af8d04dc8666a89a168b2f632fa934d49cad4456583a7c99e

Analysis

max time kernel
91s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 01:22

Target

baf7724a61d0b62af8d04dc8666a89a168b2f632fa934d49cad4456583a7c99e.dll
Size

104KB
MD5

14e0a145285fbf3493a663e64d218bf1
SHA1

daa211fc53ee439eb09e971d3090900f2cb79240
SHA256

baf7724a61d0b62af8d04dc8666a89a168b2f632fa934d49cad4456583a7c99e
SHA512

3ced9bb1ea910ba38449a787e7262b506546a7b8ee7dc95fb8ca960dfd26a6dde7e69bf84eeca50ba4ba9b9a6df6a58465bba48ef0d7f7283df9e7f44ebb5711
SSDEEP

1536:g+6rBM/6I11N1gVx9c9/ifvOoehBqddIPJY6t0wexCsPx+al:g+eM/11NEx9u/iHveWDOFt0wexLBl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3548 wrote to memory of 2452	3548	rundll32.exe	80
PID 3548 wrote to memory of 2452	3548	rundll32.exe	80
PID 3548 wrote to memory of 2452	3548	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7724a61d0b62af8d04dc8666a89a168b2f632fa934d49cad4456583a7c99e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\baf7724a61d0b62af8d04dc8666a89a168b2f632fa934d49cad4456583a7c99e.dll,#1
  2⤵
  PID:2452

memory/2452-133-0x0000000000F70000-0x0000000000F7D000-memory.dmp

Filesize
52KB

Download
memory/2452-135-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2452-138-0x0000000000F70000-0x0000000000F7D000-memory.dmp

Filesize
52KB

Download