73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876

Analysis

max time kernel
91s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
08-09-2022 13:40

Target

73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll
Size

598KB
MD5

21fde02f02280fdad7cd446c8bf600c7
SHA1

7da9c4a62c742ff5a854ef4fbbaa11e3447e0c97
SHA256

73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876
SHA512

3069734ac96e504bc22502b02a537456740dc99aecb1d78ed1a6adbd30780632dd37af811ab9dc64a71a19889f210a5718a5357dda326fbc53f5828b739eb1f2
SSDEEP

12288:czF6eBVYHBQ3DvlYuZ+wNTYyujPt5ABJXT+gb:Oo1HBuKuja1D4XTv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4844 wrote to memory of 4864	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 4864	4844	rundll32.exe	rundll32.exe
PID 4844 wrote to memory of 4864	4844	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\73e9c07b6422fb135f06e0660b24a08be7d5bfe5b77d2b9f0096f8d03af52876.dll,#1
2⤵
PID:4864