dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23-11-2022 19:50

Target

dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll
Size

64KB
MD5

3a49b15abd198f4978606440eff9541a
SHA1

2528416c05de56432103b5f9dc7a053cc5e1462b
SHA256

dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c
SHA512

d328795c11c7c2d80136b2659fe72d881ff18e6ce5db23706810c96d00163de4d0334416e2fd2bb35db39e660f3962c38e8c0d53437d62be7bee33737a902012
SSDEEP

1536:7NDeEwHHaSFYcAeaThGVsEF5ILNDuFpjgPXAA:7NDPmxLU985YcFpjgPwA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3488 wrote to memory of 3720	3488	rundll32.exe	81
PID 3488 wrote to memory of 3720	3488	rundll32.exe	81
PID 3488 wrote to memory of 3720	3488	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dd78205738f7ddefa79e728bf643fcdfd8c0bdd416f2470b054a2cb2290aca9c.dll,#1
  2⤵
  PID:3720