21a93dbe9121068ce85c7cc212d47a2a8fab8432ec9c39369cf3336aafd42213

Analysis

max time kernel
186s
max time network
247s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 22:45

Target

21a93dbe9121068ce85c7cc212d47a2a8fab8432ec9c39369cf3336aafd42213.dll
Size

472KB
MD5

7ecee0ce49ca1095974796a80f408be2
SHA1

e1866720dd832e415374a34704ddfc722e609d53
SHA256

21a93dbe9121068ce85c7cc212d47a2a8fab8432ec9c39369cf3336aafd42213
SHA512

11bfa2f9a50a97dde4877d414beeccce0d511bc1e3e248bc7d301fc14d57a70ba5e80d692f4c5db42a9f475b2097f3b39af43974942ad0a100cddc791f59390f
SSDEEP

6144:dsVLSCAHHyS/m6HOfhjVbSYa8IcuHadKQ7yeO12eXGL9hzOEh3zg3ylljEzZ:e24pjZSYeM7I0eXO3OEMyllYz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3368 wrote to memory of 2112	3368	rundll32.exe	82
PID 3368 wrote to memory of 2112	3368	rundll32.exe	82
PID 3368 wrote to memory of 2112	3368	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a93dbe9121068ce85c7cc212d47a2a8fab8432ec9c39369cf3336aafd42213.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21a93dbe9121068ce85c7cc212d47a2a8fab8432ec9c39369cf3336aafd42213.dll,#1
  2⤵
  PID:2112