db5aa4b0f9536ccb30cf396202ceb4ca695f6057d85dc50f88fa2a9e4446c280

Analysis

max time kernel
81s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 15:09

Target

db5aa4b0f9536ccb30cf396202ceb4ca695f6057d85dc50f88fa2a9e4446c280.dll
Size

4KB
MD5

82d78edd03a366f1b1d1aaf60ad261c0
SHA1

e77c4df68fad0e0d70dacfc271bd8704304d856b
SHA256

db5aa4b0f9536ccb30cf396202ceb4ca695f6057d85dc50f88fa2a9e4446c280
SHA512

d4e1c80827e2dc80ec8918e2504518a56544606034ac2f86e309b582cc672115a839b3e76a4e69d49c53e8ade6f49dfd660afe1fa5625ca73310c1d0ae0aa269
SSDEEP

48:qHupGeMcCB96DrhWHR0FiIsipZlM+u+eAPMDQHpyuLv6om0T1A:PMXB0rw0MI/pwbdS1A

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 3312	2072	rundll32.exe	82
PID 2072 wrote to memory of 3312	2072	rundll32.exe	82
PID 2072 wrote to memory of 3312	2072	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\db5aa4b0f9536ccb30cf396202ceb4ca695f6057d85dc50f88fa2a9e4446c280.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\db5aa4b0f9536ccb30cf396202ceb4ca695f6057d85dc50f88fa2a9e4446c280.dll,#1
  2⤵
  PID:3312