f364dbb2bbe0950df755c8d287acc964b83c20a1feab9eeb376e153e58a8214f

Analysis

max time kernel
93s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-10-2022 02:36

Target

f364dbb2bbe0950df755c8d287acc964b83c20a1feab9eeb376e153e58a8214f.dll
Size

58KB
MD5

24c2aa1f979653e20e1a31bc224be2ad
SHA1

c34b5eb35f0a581a241bc7485a2fbc105b1f23d6
SHA256

f364dbb2bbe0950df755c8d287acc964b83c20a1feab9eeb376e153e58a8214f
SHA512

e3bbe10a97a599c3954bba1eb2e529cb6b9df494aca70ec15a318bf23c56959b98abcfff2b6df24cc39565e1af0a8abf74c001aec6f0964deb011ce74ff8e200
SSDEEP

1536:4rTzEL5D9ACSrVqGgMZ8XgZhczdG7+E8aFZN2qx:4HzgD9A3VPZoFg2a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3984 wrote to memory of 1516	3984	rundll32.exe	80
PID 3984 wrote to memory of 1516	3984	rundll32.exe	80
PID 3984 wrote to memory of 1516	3984	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f364dbb2bbe0950df755c8d287acc964b83c20a1feab9eeb376e153e58a8214f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f364dbb2bbe0950df755c8d287acc964b83c20a1feab9eeb376e153e58a8214f.dll,#1
  2⤵
  PID:1516