928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:20

Target

928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll
Size

57KB
MD5

3cc3a4f4e04b2d0c3dd3871d38a02d45
SHA1

30bf511d936e5dc4125b5acc10d122a91a293976
SHA256

928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350
SHA512

6471924d492f7c1e6565a3dc59ad9597d143048bcf4898d732583b13be444d4fb6aec7385a620724634ecded3db1deeac368837680f9cdc969cc12024730e3ab
SSDEEP

1536:WNIKDp4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:Xqp4YU6ErtGNEKIpCT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\928990814c7ce007a7ee99f20484e4442b6e70b10dce431b1a7e4d61c9a6b350.dll,#1
  2⤵
  PID:4856