aff58b786180adbdf371440828356260494e49ab68d4f7ce3574dfde8629b3a3

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
19/10/2022, 15:56

Target

aff58b786180adbdf371440828356260494e49ab68d4f7ce3574dfde8629b3a3.dll
Size

49KB
MD5

a22debf0628388a35a9127d2727401a8
SHA1

bb8c5344f33b0af7799ef98772e8e1205f71c733
SHA256

aff58b786180adbdf371440828356260494e49ab68d4f7ce3574dfde8629b3a3
SHA512

c30c559a3c1f221e6b1892381a13876194858fd51d9b7f944c712978c09739e571e17b29409e90ad11add812a0d12703e4f709eb7497d13abb4b1e20c53035c4
SSDEEP

768:ycCD7Yoas3r6ypVSwqkh3l2z+vMELoYJS7HX6rKLNlm84Andu4xHhPTbsqvTKI:dQ76ypVp9V2CvMERJSzE4s8xjTb1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 4924	4876	rundll32.exe	81
PID 4876 wrote to memory of 4924	4876	rundll32.exe	81
PID 4876 wrote to memory of 4924	4876	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff58b786180adbdf371440828356260494e49ab68d4f7ce3574dfde8629b3a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aff58b786180adbdf371440828356260494e49ab68d4f7ce3574dfde8629b3a3.dll,#1
  2⤵
  PID:4924