04f2546a8c3c350ee105eda99f39900212d9e8992af6fb9bd7c6155b168f627a

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:20

Target

04f2546a8c3c350ee105eda99f39900212d9e8992af6fb9bd7c6155b168f627a.dll
Size

4KB
MD5

d29ae9d2847f752ff7e204fb0027f410
SHA1

b5e466bf3002bdbcf923f0034537564a88e0d2f6
SHA256

04f2546a8c3c350ee105eda99f39900212d9e8992af6fb9bd7c6155b168f627a
SHA512

2992e5533aa3d0a5c83c7f689d4bce916ca5c93eb6b0ae210b62ad335a0fc610f2b5de5b06cc006253f18e12bafa5ae768f8dde59f2c2c3a06f0e6b1102ce253
SSDEEP

48:iMHGv8j2IcW89NYEArhWHR0MiiIsiI6lXVkqlcH2SuiS6o+mm98lt:PmkiIz8UZrQ0MhI/ITqly98D

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 1300	1772	rundll32.exe	84
PID 1772 wrote to memory of 1300	1772	rundll32.exe	84
PID 1772 wrote to memory of 1300	1772	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04f2546a8c3c350ee105eda99f39900212d9e8992af6fb9bd7c6155b168f627a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04f2546a8c3c350ee105eda99f39900212d9e8992af6fb9bd7c6155b168f627a.dll,#1
  2⤵
  PID:1300