9b40aff1391eae5862e92990f175a2ffb4fa65bccf2d39ef6406f5d770fd06bc

Analysis

max time kernel
188s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:24

Target

9b40aff1391eae5862e92990f175a2ffb4fa65bccf2d39ef6406f5d770fd06bc.dll
Size

30KB
MD5

92e454e15e6c601d226ef50a202bf920
SHA1

85f7f91e633173097272b6b07b014e8379bd4adc
SHA256

9b40aff1391eae5862e92990f175a2ffb4fa65bccf2d39ef6406f5d770fd06bc
SHA512

91c878216fea5a16a91045f7ebcbd1a21fb4b21bce3585c82d842e379f2fbb473cb106f9a7c60c5cd1b8f0c614e2d0707f4d410d04a8e4a576ffc9c35ac3abe1
SSDEEP

384:VRPkGkDKWO0YJjEApO8swLaCqvtgqCsCtCnCkaCsLTYF19:VuGke0QYApOyZnLkCosLTYH9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3776 wrote to memory of 4616	3776	rundll32.exe	81
PID 3776 wrote to memory of 4616	3776	rundll32.exe	81
PID 3776 wrote to memory of 4616	3776	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b40aff1391eae5862e92990f175a2ffb4fa65bccf2d39ef6406f5d770fd06bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b40aff1391eae5862e92990f175a2ffb4fa65bccf2d39ef6406f5d770fd06bc.dll,#1
  2⤵
  PID:4616