af450877ec9092ecdac41132aa068b35c06572fae8d57f46ca143f49670ff920

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 16:24

Target

af450877ec9092ecdac41132aa068b35c06572fae8d57f46ca143f49670ff920.dll
Size

85KB
MD5

8df3447b9ec8e64a719a813b9c4364bc
SHA1

0710b0ad8501111cfc38eb56b0d58469841443d2
SHA256

af450877ec9092ecdac41132aa068b35c06572fae8d57f46ca143f49670ff920
SHA512

424dbd5f243d7a0a6e2311322bd193c9ee64fc9e0ff7fcc4b1b32b75f9b8586641d2ed50bd60f48f914f900fc829fa63171a8c6a740f8a0ef54736a01437bb0c
SSDEEP

1536:ownUDC4GLc/0L3eM1YVqC54+2RzNl3CzZMiyHibhY/ImHk8Z8niq1vW7+Nm:owUNGLYncYVqCKZNKZMfH/ImE8Z7sWkm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1516 wrote to memory of 2368	1516	rundll32.exe	82
PID 1516 wrote to memory of 2368	1516	rundll32.exe	82
PID 1516 wrote to memory of 2368	1516	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af450877ec9092ecdac41132aa068b35c06572fae8d57f46ca143f49670ff920.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1516
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af450877ec9092ecdac41132aa068b35c06572fae8d57f46ca143f49670ff920.dll,#1
  2⤵
  PID:2368