3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd

Analysis

max time kernel
92s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-10-2022 07:49

Target

3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll
Size

36KB
MD5

574452d86b9aca9d38832e41f2d679e7
SHA1

084606a1112c8ac224342da7bdef858eb124d69a
SHA256

3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd
SHA512

3c79ef430d0471b4c6f19330563b93a889a8221570bb6c008f1a1e3e5f520072210ae260a8c27828d32f5b294843c564044eb0083eb5a794a7f9e7961c8fb759
SSDEEP

768:cVs14yYwC2+s/X28WIS1tn7/J3MsoG95hNDdR0VOMP:cuOyYwC428WISX71MOvRR0VOMP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1684 wrote to memory of 4972	1684	rundll32.exe	81
PID 1684 wrote to memory of 4972	1684	rundll32.exe	81
PID 1684 wrote to memory of 4972	1684	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1684
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3998afb81d33828ebebb8b321fcfb96971a9b4e56f1825e576a9697911315afd.dll,#1
  2⤵
  PID:4972