d0d4977a3539bbc52e49af74e63556744de8ed64da736902f0caf26cf02871ca

Analysis

max time kernel
241s
max time network
254s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2022, 21:14

Target

d0d4977a3539bbc52e49af74e63556744de8ed64da736902f0caf26cf02871ca.dll
Size

5KB
MD5

618f971ed04a9369c54bff74ea4a0fb0
SHA1

14b6d7d11e1ac4bdedacd9cb7ccbf544fbd0642b
SHA256

d0d4977a3539bbc52e49af74e63556744de8ed64da736902f0caf26cf02871ca
SHA512

0fb5a502bbc9cacfd80896a286a0225857309536cd85c49bda1ac5bc5be6beb592b0e176d38c4a68c36700ebb8eee13a5a49d1753b7dc9320e945efd0ca2290c
SSDEEP

48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXrsWWen:1h9jTqMMrY0OI/KYyznSMTVn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1212 wrote to memory of 4540	1212	rundll32.exe	81
PID 1212 wrote to memory of 4540	1212	rundll32.exe	81
PID 1212 wrote to memory of 4540	1212	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0d4977a3539bbc52e49af74e63556744de8ed64da736902f0caf26cf02871ca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d0d4977a3539bbc52e49af74e63556744de8ed64da736902f0caf26cf02871ca.dll,#1
  2⤵
  PID:4540