5d53a253b829c73578ff07236980f6e83d8a56ec742a4ba96d0957e0b0dd9a33

Analysis

max time kernel
145s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 04:41

Target

5d53a253b829c73578ff07236980f6e83d8a56ec742a4ba96d0957e0b0dd9a33.dll
Size

32KB
MD5

fd72d8a54f3d1053edb95c2a4767419e
SHA1

87d7212039aa04bf8cf3dec2876c1bca5290fc15
SHA256

5d53a253b829c73578ff07236980f6e83d8a56ec742a4ba96d0957e0b0dd9a33
SHA512

60eba48883ad1d6f42a1c7f9dfb696067eb8af77d361c9110b2ced648237fd8a3e768610fedaef2bd2084fd1c4723fb4f072df0fab0f66a90bb80b22f0b67d76
SSDEEP

768:+2Pr8feR1Geasryxdy7pF6ozhZflIRv1qqm:+2Pr8feCezB7p8gDNIRNqv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 3036	4992	rundll32.exe	79
PID 4992 wrote to memory of 3036	4992	rundll32.exe	79
PID 4992 wrote to memory of 3036	4992	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d53a253b829c73578ff07236980f6e83d8a56ec742a4ba96d0957e0b0dd9a33.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5d53a253b829c73578ff07236980f6e83d8a56ec742a4ba96d0957e0b0dd9a33.dll,#1
  2⤵
  PID:3036