4b93e8cbf3265e2cd5e89f1b74dcdbac74cf1d27981cee128f0d49effc2195ba

Analysis

max time kernel
166s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 21:17

Target

4b93e8cbf3265e2cd5e89f1b74dcdbac74cf1d27981cee128f0d49effc2195ba.dll
Size

6KB
MD5

0f82b7ca382d4a6466f1496ae9902009
SHA1

2acecf5c096535f81391ed3d07ad5528db9b5238
SHA256

4b93e8cbf3265e2cd5e89f1b74dcdbac74cf1d27981cee128f0d49effc2195ba
SHA512

c4221e1cb7997e44c2d2acd32a04a45685cc12709f4eea82453294f7a90fcbaf756b75dde51c73da8d250a6ccc5a2ea98f8ffbe9d9dc3d4d5ed07599461f39d9
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD79P:nGTWJGp0UZUd6378snt7x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 5076	2612	rundll32.exe	78
PID 2612 wrote to memory of 5076	2612	rundll32.exe	78
PID 2612 wrote to memory of 5076	2612	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b93e8cbf3265e2cd5e89f1b74dcdbac74cf1d27981cee128f0d49effc2195ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b93e8cbf3265e2cd5e89f1b74dcdbac74cf1d27981cee128f0d49effc2195ba.dll,#1
  2⤵
  PID:5076