81d1d2e32de8b2f078a98f06f12386851851e919acfc13a2c81d0236c319f5b8

Analysis

max time kernel
144s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 23:50

Target

81d1d2e32de8b2f078a98f06f12386851851e919acfc13a2c81d0236c319f5b8.dll
Size

24KB
MD5

ce0142f71416606c2ea5efd45933ed84
SHA1

393e3872b4da1d1671f5bb5a76573b2da8dd1f02
SHA256

81d1d2e32de8b2f078a98f06f12386851851e919acfc13a2c81d0236c319f5b8
SHA512

b2ffe8d61c96cad3aed12456b20e682eb6599a7931f698c9c8aed831cebaae75f4f51d3367fe69172f0cfec15c02d2762cb0a3806c96dc9bd0d4b80c05038595
SSDEEP

384:XTbNdbxyRpUsrNvy4X4zwuBBQARQkBXQM7MBiUF0cotznw:DbNdbxyRpUsrCLBBQARQk2M7rL7tzw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1912 wrote to memory of 4892	1912	rundll32.exe	79
PID 1912 wrote to memory of 4892	1912	rundll32.exe	79
PID 1912 wrote to memory of 4892	1912	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\81d1d2e32de8b2f078a98f06f12386851851e919acfc13a2c81d0236c319f5b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\81d1d2e32de8b2f078a98f06f12386851851e919acfc13a2c81d0236c319f5b8.dll,#1
  2⤵
  PID:4892