479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad

Analysis

max time kernel
154s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 23:58

Target

479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll
Size

26KB
MD5

e71d881e12b6f40e4f2785e9fe944650
SHA1

54dab85dc5490d21f83017ee6b48e64691556c3c
SHA256

479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad
SHA512

21bfc03d15b03d7ba3076131d82ff3e33f0e43aa40585cad751ac314805d0b72f8f05aa56b0f60b2a40d20b1fbaccc365d3e2ec99e4632d4a7c5e31887f88272
SSDEEP

384:V5m008E9N4NJI9LmFKZxGvAEio77bicN8oN3vZa7xh2RaRLwg7Pd:2008NI9LpZxG8o7KcuoBQ7PfRMg7Pd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4944	4900	rundll32.exe	81
PID 4900 wrote to memory of 4944	4900	rundll32.exe	81
PID 4900 wrote to memory of 4944	4900	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\479af2381bab29f79639794ae0c17944b8e21b3ad9c8253e0bc05c951076c0ad.dll,#1
  2⤵
  PID:4944