945a35c521a5569d9b14d5626b6e1036239406e49767f1d54632c44c7f88d2e2

Analysis

max time kernel
150s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 17:12

Target

945a35c521a5569d9b14d5626b6e1036239406e49767f1d54632c44c7f88d2e2.dll
Size

96KB
MD5

35fcc9fb5c706bf92700b60bab2c772b
SHA1

e53fd135027d5ce80b33696a2a28fa378f130c69
SHA256

945a35c521a5569d9b14d5626b6e1036239406e49767f1d54632c44c7f88d2e2
SHA512

9c38a707a2989f976da239b6eb3b286f96f96c801fb3c224dfa362d55285dbf091b49ec444a2dc5f1a7890d7fe570da3f06a9d32833cd9784e239b2dbb1b0d00
SSDEEP

1536:DGFXqgakDYeooFPf9cuRk2azYBgArn8fsA13CAiYF:D6agueooFPJRCqYf7R5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3436 wrote to memory of 1524	3436	rundll32.exe	rundll32.exe
PID 3436 wrote to memory of 1524	3436	rundll32.exe	rundll32.exe
PID 3436 wrote to memory of 1524	3436	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\945a35c521a5569d9b14d5626b6e1036239406e49767f1d54632c44c7f88d2e2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\945a35c521a5569d9b14d5626b6e1036239406e49767f1d54632c44c7f88d2e2.dll,#1
2⤵
PID:1524