38d0fa8eba5b552667850958677e6ddd78d1b39c76779c882b86440cfed06da1

Analysis

max time kernel
38s
max time network
346s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:05

Target

38d0fa8eba5b552667850958677e6ddd78d1b39c76779c882b86440cfed06da1.dll
Size

68KB
MD5

60050931853bc76c125f556e1b463ba0
SHA1

d8e2f56773125e7e154f21fe7b65a37fa38101ca
SHA256

38d0fa8eba5b552667850958677e6ddd78d1b39c76779c882b86440cfed06da1
SHA512

95b83b75598e4a9313bb1ff9ff22258a900765ae64cb74de8e13abbeb2ff1122f8d0289ab0b2ef7fbd39b7d7a894577c6eb5371f7d635f8b27cf1e87ecf26fad
SSDEEP

1536:bycff5G72UaJDTqnHjE+QGCIx3Bxo5dZkDxTd:Rff5PUmGl9Bxo5dmlT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3528 wrote to memory of 2876	3528	rundll32.exe	80
PID 3528 wrote to memory of 2876	3528	rundll32.exe	80
PID 3528 wrote to memory of 2876	3528	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d0fa8eba5b552667850958677e6ddd78d1b39c76779c882b86440cfed06da1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\38d0fa8eba5b552667850958677e6ddd78d1b39c76779c882b86440cfed06da1.dll,#1
  2⤵
  PID:2876