20b20ef2f7445d370225b4cce3f15f8095f7380ac07c903d3b2a8106bafa9bc7

Analysis

max time kernel
96s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 20:01

Target

20b20ef2f7445d370225b4cce3f15f8095f7380ac07c903d3b2a8106bafa9bc7.dll
Size

96KB
MD5

83aaec1c5335b6d7e54f7e21a058fec9
SHA1

ef891731ae952c0bba7fb52767f255097f5a2ce1
SHA256

20b20ef2f7445d370225b4cce3f15f8095f7380ac07c903d3b2a8106bafa9bc7
SHA512

989ffa5f9f9ac8bfbb6936d8970966b07e09452fb7811966354b917efcea7ea157381f3ecd02da9df53c42e306663cf05d05494703bd8671e9a22c00d0437e81
SSDEEP

3072:R7XtlLcYgJOak8iDqtBWxTdc41vZD75VecQi2:lXtlkOJ8tsYkZ3z9Qi2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2204 wrote to memory of 1604	2204	rundll32.exe	82
PID 2204 wrote to memory of 1604	2204	rundll32.exe	82
PID 2204 wrote to memory of 1604	2204	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\20b20ef2f7445d370225b4cce3f15f8095f7380ac07c903d3b2a8106bafa9bc7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\20b20ef2f7445d370225b4cce3f15f8095f7380ac07c903d3b2a8106bafa9bc7.dll,#1
  2⤵
  PID:1604