00db58011e7a22bbc02c61300d684b6e4e000e2e7dccf0af0d32d87b52693ab2

Analysis

max time kernel
88s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-10-2022 11:50

Target

00db58011e7a22bbc02c61300d684b6e4e000e2e7dccf0af0d32d87b52693ab2.dll
Size

316KB
MD5

634ccdec8f23a7949ed1a8b74a8baf90
SHA1

3184e9209fde5b4db2a092bfed165644f23e019e
SHA256

00db58011e7a22bbc02c61300d684b6e4e000e2e7dccf0af0d32d87b52693ab2
SHA512

ff9e561b1e9bfd5ff13a627cbfc78718cd85b865a41b02c510274d0a51cd3c486e9214b23d20f6dc195b40807c734ef37199faedd62383481aed5f409e0c2b7a
SSDEEP

6144:xHuX8LToTWOnqjmc8SVQzk7GgPaeAONPvPA:xusLUTWVxQzE9SeHXPA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4068 wrote to memory of 2640	4068	rundll32.exe	78
PID 4068 wrote to memory of 2640	4068	rundll32.exe	78
PID 4068 wrote to memory of 2640	4068	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00db58011e7a22bbc02c61300d684b6e4e000e2e7dccf0af0d32d87b52693ab2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00db58011e7a22bbc02c61300d684b6e4e000e2e7dccf0af0d32d87b52693ab2.dll,#1
  2⤵
  PID:2640