566bb043fb68994c81d896c0c8d1f9d09c94cdfc945e6ab7224d9b8511bcdb9e

Analysis

max time kernel
290s
max time network
342s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 14:17

Target

566bb043fb68994c81d896c0c8d1f9d09c94cdfc945e6ab7224d9b8511bcdb9e.dll
Size

34KB
MD5

6492b672bb0c485edea945ae43bf0bef
SHA1

af5c60a6883c89b73e3e1424befd4d9e0f38d3ee
SHA256

566bb043fb68994c81d896c0c8d1f9d09c94cdfc945e6ab7224d9b8511bcdb9e
SHA512

96d1a6dc0b8908eee263582ce245d4444c6c3e2d58e3f64e709cd88a4e6fea3409624367c09f69610a7cb7e7f2d189adfd4f5da476bb9e115b77d12a6b654b1e
SSDEEP

768:U7mRDL0cgngbMzSJOQc7S/DftqqhnP0RROPx:cmRD7gHzS0d7S/1pMRROp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 556 wrote to memory of 1856	556	rundll32.exe	rundll32.exe
PID 556 wrote to memory of 1856	556	rundll32.exe	rundll32.exe
PID 556 wrote to memory of 1856	556	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\566bb043fb68994c81d896c0c8d1f9d09c94cdfc945e6ab7224d9b8511bcdb9e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:556

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\566bb043fb68994c81d896c0c8d1f9d09c94cdfc945e6ab7224d9b8511bcdb9e.dll,#1
2⤵
PID:1856