28d9dc634f67c5beb32fe79950fa503b96d1121dc3abb42c20f0b5f3e56042b5

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 23:29

Target

28d9dc634f67c5beb32fe79950fa503b96d1121dc3abb42c20f0b5f3e56042b5.dll
Size

31KB
MD5

4ed9c3ba61a097a02886a5d8b70e8601
SHA1

d69ea53137c45f4367bcc97a77975ccbfc5dcf72
SHA256

28d9dc634f67c5beb32fe79950fa503b96d1121dc3abb42c20f0b5f3e56042b5
SHA512

5e36a3f11eda282bec5a6f07519f042224207cd4319aba7410c1f0ee4e211761058c4bdfdcef5eb2fda280ee32e3028afacf85a6b37c63a3daa0471c04e066cf
SSDEEP

768:qIJWA1CqWe0PamHQ267tM/AChqDERIEmguf:/kA1kPamM7tEhkYRIEte

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 4948	2264	rundll32.exe	80
PID 2264 wrote to memory of 4948	2264	rundll32.exe	80
PID 2264 wrote to memory of 4948	2264	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28d9dc634f67c5beb32fe79950fa503b96d1121dc3abb42c20f0b5f3e56042b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28d9dc634f67c5beb32fe79950fa503b96d1121dc3abb42c20f0b5f3e56042b5.dll,#1
  2⤵
  PID:4948