45a30596be68cfcb4828bc1b646cab0b668c4b5a35b63ddcd3918c9b04026e55

Analysis

max time kernel
137s
max time network
143s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 11:15

Target

45a30596be68cfcb4828bc1b646cab0b668c4b5a35b63ddcd3918c9b04026e55.dll
Size

36KB
MD5

5a6b9caa38a99e066b26691301ea70e7
SHA1

a6c3ae0155ed961220a138ec847f6801fb22b069
SHA256

45a30596be68cfcb4828bc1b646cab0b668c4b5a35b63ddcd3918c9b04026e55
SHA512

c208797e967ef639612c6aa8ff7bd0f3e8e2f3977a4f92eed178e3d21381c2a8be70adda7e964083009db758af0932c484b9d3a96fb189336dc156a6f59f9bf4
SSDEEP

768:FT1BNCkK5gVGxlaZql9J1oT1cIg7/fO3+a5hCDKR4plx8Mf9O:1nNCl5X/J12y5736+4QWR4pz9E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 4868	4864	rundll32.exe	85
PID 4864 wrote to memory of 4868	4864	rundll32.exe	85
PID 4864 wrote to memory of 4868	4864	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a30596be68cfcb4828bc1b646cab0b668c4b5a35b63ddcd3918c9b04026e55.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45a30596be68cfcb4828bc1b646cab0b668c4b5a35b63ddcd3918c9b04026e55.dll,#1
  2⤵
  PID:4868