91e66a60b522b082b8bc44654b1fda9f35481c213bde0b909017939a7e73f2d5

Analysis

max time kernel
184s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:47

Target

91e66a60b522b082b8bc44654b1fda9f35481c213bde0b909017939a7e73f2d5.dll
Size

6KB
MD5

3a7f28b66fef3a36de8d0b14b97d9190
SHA1

116f84db9e290b96de7f8471214a55d741b5c720
SHA256

91e66a60b522b082b8bc44654b1fda9f35481c213bde0b909017939a7e73f2d5
SHA512

38124a78c0bafd08c8fa6ee7612eb9c941506950d47ddc8346188fa1ea2bd2931f47290857979ed2688ffabf203373969ae52eb88eb46d5ed3cbb02e6f79ad83
SSDEEP

24:e31GSByDXy8e53+m//pQVSRvtj49kv/imRg5hHafep9afepENvhafepGi/lmxMxQ:CCy86+Wet9Q/iooHeiefhe+/lSMYEq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4876 wrote to memory of 1296	4876	rundll32.exe	83
PID 4876 wrote to memory of 1296	4876	rundll32.exe	83
PID 4876 wrote to memory of 1296	4876	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91e66a60b522b082b8bc44654b1fda9f35481c213bde0b909017939a7e73f2d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91e66a60b522b082b8bc44654b1fda9f35481c213bde0b909017939a7e73f2d5.dll,#1
  2⤵
  PID:1296