937135092a2784aa2dd9124ac646e2aac12ead6e2f5e7ea3a70c81bddf885bca

Analysis

max time kernel
67s
max time network
136s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 13:38

Target

937135092a2784aa2dd9124ac646e2aac12ead6e2f5e7ea3a70c81bddf885bca.dll
Size

364KB
MD5

cc00e4dab17a0c00455e48701f46fea1
SHA1

6f879390fc652d473f28972266ed48758cce3a1a
SHA256

937135092a2784aa2dd9124ac646e2aac12ead6e2f5e7ea3a70c81bddf885bca
SHA512

4e3244a1a939efb534639aac9bb815d668048fef5d9f89aeb711cefd44516b16795e5ff66ddb3b1a054d5f76bb3ef63c0f0ff44889f50b44f8946543b15ab9e8
SSDEEP

6144:SQOipfZZM54Klw0T8L6Yp+R28Jkq9yogA1f+Bp9Aaxsl67RMCBn8mtU4RL0cy:SQnZZM54VDHI+AaxsloT8OU4RLPy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4496 wrote to memory of 5080	4496	rundll32.exe	rundll32.exe
PID 4496 wrote to memory of 5080	4496	rundll32.exe	rundll32.exe
PID 4496 wrote to memory of 5080	4496	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\937135092a2784aa2dd9124ac646e2aac12ead6e2f5e7ea3a70c81bddf885bca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4496

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\937135092a2784aa2dd9124ac646e2aac12ead6e2f5e7ea3a70c81bddf885bca.dll,#1
2⤵
PID:5080