99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f

Analysis

max time kernel
7s
max time network
2s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 19:59

Target

99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll
Size

50KB
MD5

1841773d77d29668a41aea188a9b5071
SHA1

248b02383527a2fa71f1f4bc1cea5d7d605417b9
SHA256

99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f
SHA512

ffa4ffe833a8c475aa9061cfe8652a3f610cf989abe8558681a88885e75889838621c54458aad687c73e203a75de95c4bf5a76d6fb5ce22d251897ead151fdae
SSDEEP

768:9KLzd9toIO7vtW3ZOeomXVWCiDuk9vcbYlT34FhekoATlrAuFGaZfCrcu:KbtoIYeOuy9vcbOOohoAu8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 1588	2228	rundll32.exe	75
PID 2228 wrote to memory of 1588	2228	rundll32.exe	75
PID 2228 wrote to memory of 1588	2228	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99c5406db8d281f2f1bbaf933c7b1bf381bb770090ea418704707d6de42a6d4f.dll,#1
  2⤵
  PID:1588