694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a

Analysis

max time kernel
166s
max time network
190s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01-12-2022 03:41

Target

694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll
Size

1.4MB
MD5

5b85080e2d4a9ea46fd84f7aaa6e9f99
SHA1

7f6ecb715405bd7c5f1fbf541f3af3baf434123c
SHA256

694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a
SHA512

634b7e6fd932f4d5b11f133be6cd01d0dee8d279bfdec9165806c2e1d25bd65d4f7b2cdaac73a8c24bc1043e1970c85201b73d5c7468a0fe04948be07c1f0c69
SSDEEP

24576:HRheT8MiAEsxbkQnkJNm6eA3oVVvfVXr01sVPvJJ:HR4TmAyJNmkQhrmQHH

Score

5^/10

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\rundll32.exe	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1528 wrote to memory of 3672	1528	rundll32.exe	83
PID 1528 wrote to memory of 3672	1528	rundll32.exe	83
PID 1528 wrote to memory of 3672	1528	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\694b95319c984182dde3fbf907dd5eb897c8c34a6258df2e3e39abc41c6ed33a.dll,#1
  2⤵
  - Drops file in System32 directory
  PID:3672