37a45d0df07fbb93e0a66f9595ff7cbc4526f0469555254b5c5e574e0fd755e4

Analysis

max time kernel
91s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 19:08

Target

37a45d0df07fbb93e0a66f9595ff7cbc4526f0469555254b5c5e574e0fd755e4.dll
Size

24KB
MD5

82c6eb6bf0d5b17da71cd3411f95f1b0
SHA1

b37a072f6d9a292a1160019fe562f186299b707f
SHA256

37a45d0df07fbb93e0a66f9595ff7cbc4526f0469555254b5c5e574e0fd755e4
SHA512

34992f3f6984933789daee9a1ad375991b513e92006ed4de3b481ec1aab127bfb2efbc1a450c294f2acb0caa5442f93f9a586b913ab6ef6cf648d427f245ec3d
SSDEEP

384:p5//hyXNdtyXNdjByCvbxZENkqR928QBNwMjudzuF9yBeD/l7L8:p5hctcjsCvbx2928QBO309QerRg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 5060	4932	rundll32.exe	80
PID 4932 wrote to memory of 5060	4932	rundll32.exe	80
PID 4932 wrote to memory of 5060	4932	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\37a45d0df07fbb93e0a66f9595ff7cbc4526f0469555254b5c5e574e0fd755e4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\37a45d0df07fbb93e0a66f9595ff7cbc4526f0469555254b5c5e574e0fd755e4.dll,#1
  2⤵
  PID:5060