15f9d605d5efa9ac43c47bc79ff0f74f5c45edb74734748060111de622e75a78

Analysis

max time kernel
295s
max time network
416s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 06:31

Target

15f9d605d5efa9ac43c47bc79ff0f74f5c45edb74734748060111de622e75a78.dll
Size

336KB
MD5

2376d3df83055162f04fa03cc854ad20
SHA1

0e17208c1314c35ce3569531e3666afe721620e6
SHA256

15f9d605d5efa9ac43c47bc79ff0f74f5c45edb74734748060111de622e75a78
SHA512

f8ec4b3be097275aaa721f1bc4e7b3ca1140bc1c59af20dcb094bb46636056de1679a916a6a4195a8cd6cfa72fda4b725ee00c7ffe24963f952707a80bd8c9a0
SSDEEP

6144:aujMJQk2s7WOiT7/OIqVVAjiHsi+5cBORCv5zm5:aujMJQ/siOk/OHAjiFBORCv+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 3436	4932	rundll32.exe	79
PID 4932 wrote to memory of 3436	4932	rundll32.exe	79
PID 4932 wrote to memory of 3436	4932	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15f9d605d5efa9ac43c47bc79ff0f74f5c45edb74734748060111de622e75a78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15f9d605d5efa9ac43c47bc79ff0f74f5c45edb74734748060111de622e75a78.dll,#1
  2⤵
  PID:3436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x498
1⤵
PID:3756