1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb

Analysis

max time kernel
252s
max time network
325s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 19:24

Target

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll
Size

456KB
MD5

35209c845dd2c67749fe8cca12a5b310
SHA1

1cf945f3af89253e0da8bfa463e7893a5ff4700f
SHA256

1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb
SHA512

46c28d345fa5655f3ae02b873ec59ab6c9715dac8ff59201ce7f8cd4339d2bdcc97fedfb8072aead9959795033618b248fe9b82fabd10ce751208381df8b705d
SSDEEP

6144:94TmSt9uNNtXlD2K0Hp/59dB9SzH2xL/zrnpEEDePzn5/K:tYQtXlD2N7SD2xnTpbDeb5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4524 wrote to memory of 3460	4524	rundll32.exe	rundll32.exe
PID 4524 wrote to memory of 3460	4524	rundll32.exe	rundll32.exe
PID 4524 wrote to memory of 3460	4524	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4524

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1df0b26a71b5e2678914f4b6c0f52a9fa71d2bbf796ce06ccddb1807f1f535cb.dll,#1
2⤵
PID:3460