2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e

Analysis

max time kernel
216s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 21:50

Target

2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll
Size

56KB
MD5

5f0dafdc2267c180096ee4f5c880a9b5
SHA1

f6e1b3c946af9c1a87180a88921d7d5e56d46102
SHA256

2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e
SHA512

6349dfb12571b27147fe8426f00f9b8cc1d2ada87dacaca56dec905b7b6a51ca6cce2692ca90405547789f2a5cd5c22f372443a299351a792c5cabcb5b305464
SSDEEP

768:u1CcrzeYsr836EH/CalRiNDqBvhmZZyiwjb:CCSCopqJNDqBoZZypj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4780 wrote to memory of 4788	4780	rundll32.exe	78
PID 4780 wrote to memory of 4788	4780	rundll32.exe	78
PID 4780 wrote to memory of 4788	4780	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2879b35d486b0033f6633d92c45674bed2f196cbe6c3fe2f8b9fdda5879ba59e.dll,#1
  2⤵
  PID:4788