a9bed4b02d79b92cebaec4f1fbf53bbb13ecc4489b4589be20fbb10d5a70e466

Analysis

max time kernel
110s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2023, 19:59

Target

a9bed4b02d79b92cebaec4f1fbf53bbb13ecc4489b4589be20fbb10d5a70e466.dll
Size

384KB
MD5

e61ac2ed2ffe2c92e89a218c1c9de669
SHA1

9e2a0256aed539b8383ccf8e5023c421e3842d57
SHA256

a9bed4b02d79b92cebaec4f1fbf53bbb13ecc4489b4589be20fbb10d5a70e466
SHA512

bc8838e5524c33d4d4ee8098b8c10e9cfb219f49cd96bf899a3533f96deab5c4d010d6f873e181d717fbb40a231f4aa88e111d8f15c7787a2d177752b59b4ff1
SSDEEP

6144:CFf51YkkVArIVGnVhgSjA7QQDc3/ZuPsgou+OQEatLC7FB5tVu2WgUGsHNJj++8P:CFh1YAIuhgSypY34Ugj/Qo5tVu2Ww+jO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4808 wrote to memory of 1748	4808	rundll32.exe	81
PID 4808 wrote to memory of 1748	4808	rundll32.exe	81
PID 4808 wrote to memory of 1748	4808	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9bed4b02d79b92cebaec4f1fbf53bbb13ecc4489b4589be20fbb10d5a70e466.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4808
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a9bed4b02d79b92cebaec4f1fbf53bbb13ecc4489b4589be20fbb10d5a70e466.dll,#1
  2⤵
  PID:1748

memory/1748-133-0x00000000602E0000-0x0000000060598000-memory.dmp

Filesize
2.7MB

Download