a5bb84ff3e5743171a3e8b306ac3eba50cee6acb0c9113f0e0c923e395b24f4f

Analysis

max time kernel
52s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
22-02-2023 19:14

Target

a5bb84ff3e5743171a3e8b306ac3eba50cee6acb0c9113f0e0c923e395b24f4f.dll
Size

456KB
MD5

2e2be9462b6d0515448b7cbdda479f6f
SHA1

1d5cab44dacdf78dee469bd1153d7d75afd1fed5
SHA256

a5bb84ff3e5743171a3e8b306ac3eba50cee6acb0c9113f0e0c923e395b24f4f
SHA512

10145b2449c4b148b696ec1b079e142e23cf05b389e360c253b89f3201fd2b41705c0681fe8e92aa102d6a0ccbd6476568a27b1b4fcb7349c893c1c7c51c4deb
SSDEEP

12288:N8ER3LwJxNVPYhDUgeuzt2f7mba+NEJK7AusguBTi3I:CER3LCVPYhcuR2zmb2SAusguBTi3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1928 wrote to memory of 1228	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1228	1928	rundll32.exe	rundll32.exe
PID 1928 wrote to memory of 1228	1928	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bb84ff3e5743171a3e8b306ac3eba50cee6acb0c9113f0e0c923e395b24f4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1928
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5bb84ff3e5743171a3e8b306ac3eba50cee6acb0c9113f0e0c923e395b24f4f.dll,#1
  2⤵
  PID:1228

memory/1228-133-0x0000000000400000-0x000000000051D000-memory.dmp

Filesize
1.1MB

Download