14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c

Analysis

max time kernel
117s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 23:44

Target

14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll
Size

287KB
MD5

4229afc39bf9aa81526a270a3c8ee7f1
SHA1

dd04a8e9e9fc03ff31fc059c8b4350166586eabe
SHA256

14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c
SHA512

7227b26de1621132e09a1f9ffa4bf8dfdf1d50737c23f5825587013b94a4dd2ea990c7283c56236cb44a9b5e9dbc141507e138f15414132adc8ad30698dbf3a6
SSDEEP

3072:F0+LyPPPvvcSRYun5wGUacVrmR6kIJKYrAjH/ltU9mZdyEWgwxAOTwEhZZ/jPqD0:DLyXtSun5E/jtPuhWgQ/LXjiUQCUB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3108 wrote to memory of 2564	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 2564	3108	rundll32.exe	rundll32.exe
PID 3108 wrote to memory of 2564	3108	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14154df4a78dd5275bfb500039bf409ecaa08bd0578ca5ffb55d8088d37aa87c.dll,#1
2⤵
PID:2564