59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e

Analysis

max time kernel
170s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 08:54

Target

59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e.dll
Size

19KB
MD5

cc075c6dc920a1a1cae8d863171a60f1
SHA1

0a52dc86f9ed82403350e73a25a74a32bebf35b3
SHA256

59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e
SHA512

acc1d619434b269d63359dbc2531974a91b2d6ac15cd99197d29f62fc4b45edbecb18ea69dc5efcd0a9a3c85d83b803b5db2a827b1249cad88c7c58de19d167b
SSDEEP

384:saToxkB7ackZDdRrRLZ7ONm8422AQOHFY9KShPHixHVRAi7flShSSPfq:BR+jP9ZSTr2klmExtS9S

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2748 wrote to memory of 2124	2748	rundll32.exe	66
PID 2748 wrote to memory of 2124	2748	rundll32.exe	66
PID 2748 wrote to memory of 2124	2748	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59ff14e477e729821bdde1bc46737d7ef361e0e19aadac34b6dd869e7f88019e.dll,#1
  2⤵
  PID:2124