2d8b95f7f0fc10d8dbcf893b8727832ffe22d86c6628d33f5807b6ab4fbe2df3

Analysis

max time kernel
72s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20/10/2022, 16:40

Target

2d8b95f7f0fc10d8dbcf893b8727832ffe22d86c6628d33f5807b6ab4fbe2df3.dll
Size

104KB
MD5

96c6ab84f90c1a42762d09cd69f745f5
SHA1

6d92e2716d667c0ca20aed06fe11101498ee2086
SHA256

2d8b95f7f0fc10d8dbcf893b8727832ffe22d86c6628d33f5807b6ab4fbe2df3
SHA512

37ce89c84f0b0cd2afcb88ca0e68486b851adfc23ebd7498a2bf32e4b0aeee002c5d7a3ecfb646e7fe46c565e9189807817da8cb5b2ea4dd3e4b9b4531d7974b
SSDEEP

1536:Eh1T6DE3TEYkJUpltszq0Ql9slblmBL7niTMm6MNPgVS4H:EfEYkJdHWKlwQMmPgVV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 2184	4040	rundll32.exe	54
PID 4040 wrote to memory of 2184	4040	rundll32.exe	54
PID 4040 wrote to memory of 2184	4040	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d8b95f7f0fc10d8dbcf893b8727832ffe22d86c6628d33f5807b6ab4fbe2df3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2d8b95f7f0fc10d8dbcf893b8727832ffe22d86c6628d33f5807b6ab4fbe2df3.dll,#1
  2⤵
  PID:2184