bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52

Analysis

max time kernel
57s
max time network
74s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
21-02-2023 20:27

Target

bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll
Size

250KB
MD5

de1aa0eeff2da9649100cf7e8894661f
SHA1

194bfa7bac645fd24b57bbfad5301d753284fe6b
SHA256

bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52
SHA512

b30e15f604c41762400d22e5fa82569262c5fbb2ebde0798edf5c9cc8099bf2bef364e9cf7df2d23357d67d29a08682468c98e8b0edec0471a6db467f0e3a72f
SSDEEP

3072:V48RYjKFLNBv49yG66ziHls1ZHH5SBWOIinKXkltbQ52HnIqjnEva4JBW+25F:EORl49yxwkKtZSk2/tbQ5rqkej

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4040 wrote to memory of 900	4040	rundll32.exe	rundll32.exe
PID 4040 wrote to memory of 900	4040	rundll32.exe	rundll32.exe
PID 4040 wrote to memory of 900	4040	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4040

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf0ea49b9bc5ce5bc4eda58f1cb4d6d2aac155f72dd66bc60b7895fc45601d52.dll,#1
2⤵
PID:900

memory/900-133-0x0000000000400000-0x0000000000542000-memory.dmp

Filesize
1.3MB

Download