996f27c443a2ff61567e79538c4ba907a4e7115522103493eb7a736619211ac7

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:05

Target

996f27c443a2ff61567e79538c4ba907a4e7115522103493eb7a736619211ac7.dll
Size

49KB
MD5

5c06bc8dc157b0866f85bcb1796aa167
SHA1

12089ad82fbd0095b4338f1aadc0975ba7ef8587
SHA256

996f27c443a2ff61567e79538c4ba907a4e7115522103493eb7a736619211ac7
SHA512

bfeea27e75c95133da84569fedb21a9d94a27a35090b7f0237485a8d2316c0ea64e1b9462505fb0c380bd8eb7ffea4ca0d6351b5e030abd4d262247456c7be34
SSDEEP

768:z3OHS8KOzE24MRiHlWY66gylrGGYNCv3+y+AcM7Op1AKlhPGd/TFO38W5:yHZB4MRi4/6gaXYCrOIppfW5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2752 wrote to memory of 3480	2752	rundll32.exe	82
PID 2752 wrote to memory of 3480	2752	rundll32.exe	82
PID 2752 wrote to memory of 3480	2752	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\996f27c443a2ff61567e79538c4ba907a4e7115522103493eb7a736619211ac7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\996f27c443a2ff61567e79538c4ba907a4e7115522103493eb7a736619211ac7.dll,#1
  2⤵
  PID:3480