a4059dd805d1cfdd8ef38a2aa9a3742f8ef8f7a32cf535e6fedf54c59097144f

Analysis

max time kernel
120s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 20:43

Target

a4059dd805d1cfdd8ef38a2aa9a3742f8ef8f7a32cf535e6fedf54c59097144f.dll
Size

276KB
MD5

402283a5789d0e105df0cb95217a9f5d
SHA1

1c0bdd764562a2e75c5f7a8411c5398f3b68cf9b
SHA256

a4059dd805d1cfdd8ef38a2aa9a3742f8ef8f7a32cf535e6fedf54c59097144f
SHA512

4d608d40299a18d51909aa40023c4c08407a8558567186866f82a9d518934e0d70b80b5a82ebe9fa19b1c877a892055e797a17b0d79b421ca755a90959414a29
SSDEEP

6144:9+MglbpqGEPuvKmHK4VD2Mf/HX0bEDcDKhTCRD:9lQNHvp2ufX2EDlCRD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5012 wrote to memory of 1960	5012	rundll32.exe	80
PID 5012 wrote to memory of 1960	5012	rundll32.exe	80
PID 5012 wrote to memory of 1960	5012	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4059dd805d1cfdd8ef38a2aa9a3742f8ef8f7a32cf535e6fedf54c59097144f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4059dd805d1cfdd8ef38a2aa9a3742f8ef8f7a32cf535e6fedf54c59097144f.dll,#1
  2⤵
  PID:1960