a51a9170d46f6b5f3dcc1521ec2f3841a83ff4bee9c754b6e22c8c9bd4c73b50

Analysis

max time kernel
91s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 20:01

Target

a51a9170d46f6b5f3dcc1521ec2f3841a83ff4bee9c754b6e22c8c9bd4c73b50.dll
Size

98KB
MD5

84a298768e18f189fcebc5fd060d48c5
SHA1

2ced191b46bf22769a5f06c76656f400bc4b0d91
SHA256

a51a9170d46f6b5f3dcc1521ec2f3841a83ff4bee9c754b6e22c8c9bd4c73b50
SHA512

4473e5db53bf11b8a908ab23dd3e53f647e4ca2be8d7f5db854961bb94505a1109d29cea8259e1271c133fad7dddb41f7b332d40df4eb1c9d7519fd0245b1bbe
SSDEEP

1536:ISKyVLql4k6MEymJVz1w1LlxCPc6jKYf66uMmSmR7Q:ISKyVLqikzEyIWhbCEZYy1Mm57Q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 4928	4876	rundll32.exe	66
PID 4876 wrote to memory of 4928	4876	rundll32.exe	66
PID 4876 wrote to memory of 4928	4876	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a51a9170d46f6b5f3dcc1521ec2f3841a83ff4bee9c754b6e22c8c9bd4c73b50.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a51a9170d46f6b5f3dcc1521ec2f3841a83ff4bee9c754b6e22c8c9bd4c73b50.dll,#1
  2⤵
  PID:4928