caf151800545f2d51dad82f7b1f31fbd72776b13ffd991ecbb681e89a86d5bf1

Analysis

max time kernel
116s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 06:28

Target

caf151800545f2d51dad82f7b1f31fbd72776b13ffd991ecbb681e89a86d5bf1.dll
Size

77KB
MD5

4e48effee373a9fa53720b5535ddcf48
SHA1

6dd898ace0999114806969487316554d4e153e5e
SHA256

caf151800545f2d51dad82f7b1f31fbd72776b13ffd991ecbb681e89a86d5bf1
SHA512

16546aa9cd3cb0036bb7517f3d90793c53e2094ae8ddc6d4d8e109c2b3eacb29375dc6e632423d4425156d1a8b3fa84e636e4941e250247c19296338b22a01ae
SSDEEP

1536:jZIcCxRTocKDZ7Jsw+0ZFDXMfjqZNnA3dDTkKljOJWYe1:x+E3swD7MmZBANDT9T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2144 wrote to memory of 4112	2144	rundll32.exe	81
PID 2144 wrote to memory of 4112	2144	rundll32.exe	81
PID 2144 wrote to memory of 4112	2144	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\caf151800545f2d51dad82f7b1f31fbd72776b13ffd991ecbb681e89a86d5bf1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\caf151800545f2d51dad82f7b1f31fbd72776b13ffd991ecbb681e89a86d5bf1.dll,#1
  2⤵
  PID:4112