b53d69a22e26096db7b4b1a5f97ce362d5e307386dca0c1fc69e5d9526cbff47

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 11:29 UTC

Target

b53d69a22e26096db7b4b1a5f97ce362d5e307386dca0c1fc69e5d9526cbff47.dll
Size

24KB
MD5

c4c38b08688ac7da66dc65657a751f15
SHA1

12e06f89e3f77604be4c510e49c651fe7b3e768d
SHA256

b53d69a22e26096db7b4b1a5f97ce362d5e307386dca0c1fc69e5d9526cbff47
SHA512

30ea30765a8d3fb81afc3c842b46f8377fcfb2ad79a38562e1550bcebfb86ffb54d9f93278f67188d8718e009133141c1f7073b7a01554cd0aa45e8a6aabcb01
SSDEEP

384:dNxz0CP0Bqd+1pyiQmdd2PyghmaKfn4PgkCP1bAzZEgiPll:mCPMqdSciQC8AaKAP/CP1kZBU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 3796	4512	rundll32.exe	58
PID 4512 wrote to memory of 3796	4512	rundll32.exe	58
PID 4512 wrote to memory of 3796	4512	rundll32.exe	58

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b53d69a22e26096db7b4b1a5f97ce362d5e307386dca0c1fc69e5d9526cbff47.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b53d69a22e26096db7b4b1a5f97ce362d5e307386dca0c1fc69e5d9526cbff47.dll,#1
  2⤵
  PID:3796

No results found