488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9

Analysis

max time kernel
91s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 04:38

Target

488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll
Size

37KB
MD5

92e9cde91e4d9657d66bae48f7ffd1ce
SHA1

6611a06022e5b5665bc5a43b5c68b5417b91ef67
SHA256

488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9
SHA512

c4e04f4eb12254f38cfcb4656597e93b5e7419f2c6a3b49f0abd65b6f2c7325a074c01aeb7c2b5c06ad9aa88a7dffe9019a659d05ac2060cdb01dc8ad107e7a8
SSDEEP

768:ItoC8iTBGo571TseLK97sXBj2rB8oZ7u4Uy:YqiTBG8pAP7ICqo9NUy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 4596	2976	rundll32.exe	81
PID 2976 wrote to memory of 4596	2976	rundll32.exe	81
PID 2976 wrote to memory of 4596	2976	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\488f66d28a4157564ce6b8fc635b9e26152c27f166d2c9fdfd9dc28446e134f9.dll,#1
  2⤵
  PID:4596