4991bb3fddcaae5993cd6b2e8bc25b6226394e4b266513490c09ca85a12265a8

Analysis

max time kernel
153s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 06:27

Target

4991bb3fddcaae5993cd6b2e8bc25b6226394e4b266513490c09ca85a12265a8.dll
Size

103KB
MD5

80015d510d66465ce87b8bb1e9a9ed09
SHA1

6338e1c2255e55eacb0e74acaec54ac463b2a780
SHA256

4991bb3fddcaae5993cd6b2e8bc25b6226394e4b266513490c09ca85a12265a8
SHA512

1d108041dd2fb7a3878c144c34b96815a39f0193d14a26fd711038dd89ab83a70cdac1adb2e7ea7449371fb62ed7acb717cb8cd9960467eea6f44a0a2d0c195e
SSDEEP

3072:f2RWdNEp4Ls2ADWmxQft2dLiRMQ9r39LvCZd:f2RWdNEqg9DW57RMQ9r39L6Zd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2408 wrote to memory of 376	2408	rundll32.exe	81
PID 2408 wrote to memory of 376	2408	rundll32.exe	81
PID 2408 wrote to memory of 376	2408	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4991bb3fddcaae5993cd6b2e8bc25b6226394e4b266513490c09ca85a12265a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2408
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4991bb3fddcaae5993cd6b2e8bc25b6226394e4b266513490c09ca85a12265a8.dll,#1
  2⤵
  PID:376