1975f001d80b3a45599913978f0fc1e46b094efc1b3f463a55158a72921243dc

Analysis

max time kernel
66s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2022, 10:38

Target

GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll
Size

92KB
MD5

16b6dbd2e86b30684fefb6b58de2ffc5
SHA1

9eb06439d136b999457fe300a3118610ef57ab90
SHA256

1975f001d80b3a45599913978f0fc1e46b094efc1b3f463a55158a72921243dc
SHA512

15845c417f7961f229a179b976cec1686025a4af08e29fa445fb62d749667f386d735df076bef8d9d3c3dfc710d9c50e9d4c96938b5a4db46116c164b832d7a5
SSDEEP

1536:dF/FX1qyiuNHaK7YjLbduoJjvbGsQTHZnZLAKwa3fu8LihG5oiKA0QEFVZH3GXzg:XFXPDMnNbGsQT5nhAcvLiHiD0QEX5wzg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3708 wrote to memory of 3976	3708	rundll32.exe	80
PID 3708 wrote to memory of 3976	3708	rundll32.exe	80
PID 3708 wrote to memory of 3976	3708	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\GXXwAdgLOkVZmROXjw-B5GsJTvwbP0Y6VRWKcpISQ9w.dll,#1
  2⤵
  PID:3976