da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460

Analysis

max time kernel
136s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 23:27

Target

da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll
Size

33KB
MD5

314203fb453e226eb53863d847b9a0f5
SHA1

297ab1843ae4499b3dab4d56eabfcd7c0371a3c6
SHA256

da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460
SHA512

48e63d58700b00a1c3463000c9d460635ab400264cb5ece7153d9a1dec7ead3facf4c792a7da9de086a721253b9d7470e7a165122d0f8bf5a7161013b0ca8f63
SSDEEP

768:SWPYvZLnZ0icDVov3Yq7pW/PB7cOkRERz8ckt:jPYvZLnUVOb7pW/GLERz8cS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 1664	3276	rundll32.exe	83
PID 3276 wrote to memory of 1664	3276	rundll32.exe	83
PID 3276 wrote to memory of 1664	3276	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\da9ce7f54321ea2d2bc48980753c0e72f2b7ba970f956d97d58b49fb6df1c460.dll,#1
  2⤵
  PID:1664