99f50428435784effdd0ff16277bf181f3bc5c99acd2379a0e23488795e45dda

Analysis

max time kernel
79s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:11

Target

99f50428435784effdd0ff16277bf181f3bc5c99acd2379a0e23488795e45dda.dll
Size

58KB
MD5

4f66d7d2260fb262e28c361f064f8160
SHA1

fe26cce671fb26d2f76b61986237955289d3db65
SHA256

99f50428435784effdd0ff16277bf181f3bc5c99acd2379a0e23488795e45dda
SHA512

f2503f0a37a7845cf8d64a9e8c184aedad7ed54283511f60b10400ce8047ec71715b2f5f0ce2ce54f9f5e69c05e76c8c2a55eae47200b62ddf85545da3689fcd
SSDEEP

768:GbvLDaaMact8TedlcmpH8koGEp8Janwf+K0KRPAlpBm3GQuY9R0V8Z9h0FwgBoXN:evajcsIkcKqpBmD9RIkh0FjtBzi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2344	2044	rundll32.exe	80
PID 2044 wrote to memory of 2344	2044	rundll32.exe	80
PID 2044 wrote to memory of 2344	2044	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f50428435784effdd0ff16277bf181f3bc5c99acd2379a0e23488795e45dda.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\99f50428435784effdd0ff16277bf181f3bc5c99acd2379a0e23488795e45dda.dll,#1
  2⤵
  PID:2344