f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a

Analysis

max time kernel
62s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
28/10/2022, 20:55

Target

f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll
Size

47KB
MD5

0c122a58cbf8c62850695bad56368670
SHA1

71903c246c7955586352615e0f18d4ba361bbd87
SHA256

f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a
SHA512

9f41721fa02c25741c36e096fbbbaea223953ab67dfba33c2f5a96726f45671da06bb53c30a94854b866127d3bfb4a24e427b5b815e947d8fd33929bc4270efc
SSDEEP

768:ISE0qUhSPbWCdFtiXuFCPzbjLdtDj9hwjny:HzvhSP6CdFtiXuFCPzZtDjfw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3792 wrote to memory of 4924	3792	rundll32.exe	82
PID 3792 wrote to memory of 4924	3792	rundll32.exe	82
PID 3792 wrote to memory of 4924	3792	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3792
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f68660f5c428ab104917aa7ef4874f36da0625f78da3f03a5e299c354b81904a.dll,#1
  2⤵
  PID:4924