318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381

Analysis

max time kernel
179s
max time network
188s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 04:06

Target

318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll
Size

92KB
MD5

0eb8fc81bf46bc4335590cc55ac48d61
SHA1

15c6500c0a25ef1bb49a38a2df933d89760b4a9b
SHA256

318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381
SHA512

0edfd5047dbdc697abd5cc9d4c1d1be1b5de76f020db46ec1862eb07e3008ff6a4fa515580cac6d8dbb2bcfd493c35a5945f377ea2d52db4730126f905856101
SSDEEP

1536:yey7v0e15WPnM2tJjK2SCE58ecuuGsFZD6QXHhAk/tDLeV:yeyr/15eVKbCEBuGsFZDzXBAk/tDLeV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3104 wrote to memory of 3056	3104	rundll32.exe	rundll32.exe
PID 3104 wrote to memory of 3056	3104	rundll32.exe	rundll32.exe
PID 3104 wrote to memory of 3056	3104	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\318142d1c350a73e886dc264319b90e319dc81bd921ffd4db73313d89eb88381.dll,#1
2⤵
PID:3056