1392c75f8b0f9118a1e226fc2b9abf4e07f4c68f0269972f816ff7a9ba7d0652

Analysis

max time kernel
130s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 07:39

Target

1392c75f8b0f9118a1e226fc2b9abf4e07f4c68f0269972f816ff7a9ba7d0652.dll
Size

60KB
MD5

41dc11cd7cd436e750a5751a38b0ac50
SHA1

15409a6b2718af1da87651656fd648d2c5b1d6a7
SHA256

1392c75f8b0f9118a1e226fc2b9abf4e07f4c68f0269972f816ff7a9ba7d0652
SHA512

c5bcb6209f3a54b832670943f02f93027977bb5ddfe14cfc7aed99c96befc0ca5d45329886ed5ebe46710b296626f825f01393f2d18038d0bfdb7869bf9b0f2e
SSDEEP

768:n1PaoMAC9K3kLyZZjkgOCkU0cjLrbv0sL9gOVDjD5eSJ8Oqhm/A6WEqhXL7/yUSs:n1P3M71hC0cv3RWaDjMSVWDaaqa

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 2180	3140	rundll32.exe	82
PID 3140 wrote to memory of 2180	3140	rundll32.exe	82
PID 3140 wrote to memory of 2180	3140	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1392c75f8b0f9118a1e226fc2b9abf4e07f4c68f0269972f816ff7a9ba7d0652.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1392c75f8b0f9118a1e226fc2b9abf4e07f4c68f0269972f816ff7a9ba7d0652.dll,#1
  2⤵
  PID:2180