8556f94bb8519e2d08a9b7a3603fb75be680929250a3da4c75f4c4fc87938a8a

Analysis

max time kernel
139s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:55

Target

8556f94bb8519e2d08a9b7a3603fb75be680929250a3da4c75f4c4fc87938a8a.dll
Size

136KB
MD5

91c5e4a6aa1f5fb4ec450fbc0d47ebcc
SHA1

cd0e2b74d4101e6d877095889ebee2c5c5f72839
SHA256

8556f94bb8519e2d08a9b7a3603fb75be680929250a3da4c75f4c4fc87938a8a
SHA512

ba99d06b89510a41dc3e7ce15cad3090caf66b18f74bfe9a06dd911f3215ac231314b81c54b6a313070eccc1d9bfca7a746e7331709ad4c26550108c2215c9d1
SSDEEP

1536:6Rw9k6k1FrHc5RqbSBxLYRwKUvBcdBlv4Py+OZHfC6+dYvnc97a:/cHr8mbSBx8Rzv7l+O45dYf2+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 3444	4844	rundll32.exe	83
PID 4844 wrote to memory of 3444	4844	rundll32.exe	83
PID 4844 wrote to memory of 3444	4844	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8556f94bb8519e2d08a9b7a3603fb75be680929250a3da4c75f4c4fc87938a8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8556f94bb8519e2d08a9b7a3603fb75be680929250a3da4c75f4c4fc87938a8a.dll,#1
  2⤵
  PID:3444