d56395d3bd34522bc0ca43eac7b14cde9e23f71be2f4cc7ed3fae5ff6c27f2b6

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
23/11/2022, 20:13

Target

d56395d3bd34522bc0ca43eac7b14cde9e23f71be2f4cc7ed3fae5ff6c27f2b6.dll
Size

114KB
MD5

4d87cd3087cd9f95a0544ca5778738ed
SHA1

efb93ad3a611514847c6e7565805ac80d1f4688e
SHA256

d56395d3bd34522bc0ca43eac7b14cde9e23f71be2f4cc7ed3fae5ff6c27f2b6
SHA512

30c7f0348b24c8cc26327265d51d2f719a1058ec808f704313b3c63e180cf63ba1f1a7b34f4a47b2b52942538e6540a7ead201c8196f38605bb8f5ef532599d4
SSDEEP

1536:gYvRN3uV/DD8eEznhBbgA6U616tAG07j+K6hNAv9IqoTHl8IsSyByyoR2jft6xXe:DvvKIXjhA1YAnCAvGqZ73ogAR6kK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 5072	4284	rundll32.exe	82
PID 4284 wrote to memory of 5072	4284	rundll32.exe	82
PID 4284 wrote to memory of 5072	4284	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d56395d3bd34522bc0ca43eac7b14cde9e23f71be2f4cc7ed3fae5ff6c27f2b6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d56395d3bd34522bc0ca43eac7b14cde9e23f71be2f4cc7ed3fae5ff6c27f2b6.dll,#1
  2⤵
  PID:5072