9464f93a7661e7ecdb7d14c6cb7f37b977ebee8a8cf8bb90e7f331623c55f3af

Analysis

max time kernel
100s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 01:23

Target

9464f93a7661e7ecdb7d14c6cb7f37b977ebee8a8cf8bb90e7f331623c55f3af.dll
Size

88KB
MD5

a647a9df86ac5f44e8d334ad6b288a3f
SHA1

27da1ce04ac51669fe6f931c4a8d5ae0eb71986d
SHA256

9464f93a7661e7ecdb7d14c6cb7f37b977ebee8a8cf8bb90e7f331623c55f3af
SHA512

793c0a196bc8704c720ef403fa9d871d1569b655efa1fc4e107328dc1b77c98cd94eaeac8c59fbbdc55a54ec495655a129c69b55500c5ce1c1cbdf7386cabdda
SSDEEP

1536:9/ZK6JRFEEDxt0L1t0JAee40F6fKwBNt6J+LWXf:pZpJEEDx+L1t0eRwfKwpnLOf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81
PID 4948 wrote to memory of 2240	4948	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9464f93a7661e7ecdb7d14c6cb7f37b977ebee8a8cf8bb90e7f331623c55f3af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9464f93a7661e7ecdb7d14c6cb7f37b977ebee8a8cf8bb90e7f331623c55f3af.dll,#1
  2⤵
  PID:2240

memory/2240-133-0x0000000000C00000-0x0000000000C0D000-memory.dmp

Filesize
52KB

Download
memory/2240-135-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/2240-138-0x0000000000C00000-0x0000000000C0D000-memory.dmp

Filesize
52KB

Download