154a172a4d1ac5e9efbc93c519008b3abd9380127a44f60bd71a850e5e0c5af5

Analysis

max time kernel
2s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 07:36

Target

154a172a4d1ac5e9efbc93c519008b3abd9380127a44f60bd71a850e5e0c5af5.dll
Size

128KB
MD5

54c11608f8014b7e569e6ccdf3c6aad0
SHA1

4c8443a2869094452d6f108e08d2bbf3a693d000
SHA256

154a172a4d1ac5e9efbc93c519008b3abd9380127a44f60bd71a850e5e0c5af5
SHA512

6262bc5280b966192d5e6eb03d61ed8c0b0c36f4f257ae773316c30bf9a46dc3b2371bac61c78fade4ea19678b1253a3ba4e6f0d917779770cd8509d6e339f79
SSDEEP

1536:MDEFUawhF/H8fOUzpt5btzeNJgkhjlA4aVKrOV1NKD:j4D/cXzv5bt4gujlA/Veb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3036 wrote to memory of 1828	3036	rundll32.exe	77
PID 3036 wrote to memory of 1828	3036	rundll32.exe	77
PID 3036 wrote to memory of 1828	3036	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\154a172a4d1ac5e9efbc93c519008b3abd9380127a44f60bd71a850e5e0c5af5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\154a172a4d1ac5e9efbc93c519008b3abd9380127a44f60bd71a850e5e0c5af5.dll,#1
  2⤵
  PID:1828