45fb216fdd85da4eae04c6e10a2ba5cf0e2d4d124e6e2394b36f464025ad2f75

Analysis

max time kernel
32s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
21-10-2022 04:15

Target

45fb216fdd85da4eae04c6e10a2ba5cf0e2d4d124e6e2394b36f464025ad2f75.dll
Size

90KB
MD5

13f7343af7ce6323c951d4be140d3bfc
SHA1

754723857942e8cfc9090a0fbdb205ee951700e4
SHA256

45fb216fdd85da4eae04c6e10a2ba5cf0e2d4d124e6e2394b36f464025ad2f75
SHA512

871fad0c3c4748fd42be10492499656b5a66064861e421dfee4bce4111fefc66bc30a2677732938f4f8a3778ad9903d12b9be00d4ffec2236ff2e77b523a149f
SSDEEP

1536:aI9js9B05V54qHp8ge4qNC1zrwKNCGEX6z7U9R0+/mb5cjU:Xjs9B6A8lLq3K4HX6z49a+/mlcjU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4740 wrote to memory of 2456	4740	rundll32.exe	77
PID 4740 wrote to memory of 2456	4740	rundll32.exe	77
PID 4740 wrote to memory of 2456	4740	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45fb216fdd85da4eae04c6e10a2ba5cf0e2d4d124e6e2394b36f464025ad2f75.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4740
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\45fb216fdd85da4eae04c6e10a2ba5cf0e2d4d124e6e2394b36f464025ad2f75.dll,#1
  2⤵
  PID:2456