a5f932e63cfdf819d2d229decc22eed4719e8283b268e41a56a5270dd39f4386

Analysis

max time kernel
139s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2022, 06:33

Target

a5f932e63cfdf819d2d229decc22eed4719e8283b268e41a56a5270dd39f4386.dll
Size

148KB
MD5

4e56514dc7045d0a7d64a220284318a0
SHA1

b980a385feb709e148706a618f98fa4fa5d3f7db
SHA256

a5f932e63cfdf819d2d229decc22eed4719e8283b268e41a56a5270dd39f4386
SHA512

160c7a01d955391d37190929c016801a6b1cfdcff9ae65d9480c3c40cb8933ec3d04e5c37505fa27c98daa1df8735db1053c7a97b2588164b9ca0b45bc86106e
SSDEEP

3072:O5J4P+mMSSjCZ8s6l+so4FsgdPKZpYS3iKwgdc:8J4P+QNwsgeawNwgd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4792	4772	rundll32.exe	80
PID 4772 wrote to memory of 4792	4772	rundll32.exe	80
PID 4772 wrote to memory of 4792	4772	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5f932e63cfdf819d2d229decc22eed4719e8283b268e41a56a5270dd39f4386.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a5f932e63cfdf819d2d229decc22eed4719e8283b268e41a56a5270dd39f4386.dll,#1
  2⤵
  PID:4792