90b61df3e9ebdc75f516daf7c91e24214f62c6e0c106b8cac36947e90ed9e61e

Analysis

max time kernel
166s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2022, 21:24

Target

90b61df3e9ebdc75f516daf7c91e24214f62c6e0c106b8cac36947e90ed9e61e.dll
Size

5KB
MD5

0b134b2058e886a501a9251ba1f7ccaf
SHA1

59e332ce46676631ad73fd157b7a05775d408116
SHA256

90b61df3e9ebdc75f516daf7c91e24214f62c6e0c106b8cac36947e90ed9e61e
SHA512

e32bf03f134b74361ed1e14bfefedcea632f13eb4575fb326f3290829e87ecd30882f4cc1883b9ae7e79005606f349a4838df9a22b8fe5197e25e7352a60af72
SSDEEP

48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXr1MiGNzh:1h9jTqMMrY0OI/KYyznSMmie

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 1780	4860	rundll32.exe	81
PID 4860 wrote to memory of 1780	4860	rundll32.exe	81
PID 4860 wrote to memory of 1780	4860	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90b61df3e9ebdc75f516daf7c91e24214f62c6e0c106b8cac36947e90ed9e61e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90b61df3e9ebdc75f516daf7c91e24214f62c6e0c106b8cac36947e90ed9e61e.dll,#1
  2⤵
  PID:1780