abdd100c59d6e190f9697c78fe06906ffe46f2128fc5548c25040493fe2e72bf

Analysis

max time kernel
143s
max time network
182s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2022, 20:07

Target

abdd100c59d6e190f9697c78fe06906ffe46f2128fc5548c25040493fe2e72bf.dll
Size

46KB
MD5

5e664d25760d41407ff488f88393b270
SHA1

749bac39b480d01d5c3ace9295a91edfed62ca84
SHA256

abdd100c59d6e190f9697c78fe06906ffe46f2128fc5548c25040493fe2e72bf
SHA512

3b4cfbeb50236b4be5f13015f71df6f828b3da8b98216bf0768f0e6657b2af758ed74908580bf160407db935a14c3b22f31faff86b489bcdedb995be3bdff721
SSDEEP

768:h8WTpVT0X8zb0xGPJ7Py8SeUSnoNvDFZEtkGSV35r9DVFsk1gn:RVtB7K8SeuFZ8kTL2kGn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3604 wrote to memory of 5060	3604	rundll32.exe	81
PID 3604 wrote to memory of 5060	3604	rundll32.exe	81
PID 3604 wrote to memory of 5060	3604	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abdd100c59d6e190f9697c78fe06906ffe46f2128fc5548c25040493fe2e72bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abdd100c59d6e190f9697c78fe06906ffe46f2128fc5548c25040493fe2e72bf.dll,#1
  2⤵
  PID:5060