756eea3136b74724e5e41edfdc9f7955145abb6ca9a2c07ce9d5d9ee23dd50bf

Analysis

max time kernel
140s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29-11-2022 07:42

Target

756eea3136b74724e5e41edfdc9f7955145abb6ca9a2c07ce9d5d9ee23dd50bf.dll
Size

35KB
MD5

db456fd56748c6cc077c23d18f7ea324
SHA1

34cc0d96c38f32cc58922e28fbf7d8f249bfb1e1
SHA256

756eea3136b74724e5e41edfdc9f7955145abb6ca9a2c07ce9d5d9ee23dd50bf
SHA512

aef627fbbd2892120dcb577d98e669ee3f86ec32b9c1f97d74fca8de78acc2363f0bfdcd9a61b9bed505e49d42597110224b67654377752c2042e5cd26c4fd9f
SSDEEP

768:C9CgWU9Rswasmbb4LKWs8R578oXFNiObhsJkRAHfI5:C9J/9RswangKWN78oXOUsJkRUi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3372 wrote to memory of 4292	3372	rundll32.exe	76
PID 3372 wrote to memory of 4292	3372	rundll32.exe	76
PID 3372 wrote to memory of 4292	3372	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\756eea3136b74724e5e41edfdc9f7955145abb6ca9a2c07ce9d5d9ee23dd50bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3372
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\756eea3136b74724e5e41edfdc9f7955145abb6ca9a2c07ce9d5d9ee23dd50bf.dll,#1
  2⤵
  PID:4292