668d943925730a8bbafeac2700d50cce6b589adc8e1e9520d9abd351ffcec767

Analysis

max time kernel
122s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 11:02

Target

668d943925730a8bbafeac2700d50cce6b589adc8e1e9520d9abd351ffcec767.dll
Size

66KB
MD5

610ab9480b8ef525f244073c0a608c0d
SHA1

53c50bb0b4e00c15e815bf4ae8e79082516aef4a
SHA256

668d943925730a8bbafeac2700d50cce6b589adc8e1e9520d9abd351ffcec767
SHA512

e1d237c2eecf041145809e9cb0d4cb3c1757bd16501cd0ab87c256315a0fccf97f50e55620e304b8932ad8ab72fa733dc4d85d42057cefb60b2c711d997f4443
SSDEEP

1536:p+CZ8LwKKjTA0++4kCiPFwR7U+g2ylTvnsJVePKEJm2jensSvEQrDWL:gXEpf4k8R7fevsJ+KEN9SzG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4904 wrote to memory of 2796	4904	rundll32.exe	83
PID 4904 wrote to memory of 2796	4904	rundll32.exe	83
PID 4904 wrote to memory of 2796	4904	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\668d943925730a8bbafeac2700d50cce6b589adc8e1e9520d9abd351ffcec767.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\668d943925730a8bbafeac2700d50cce6b589adc8e1e9520d9abd351ffcec767.dll,#1
  2⤵
  PID:2796