3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189

Analysis

max time kernel
90s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 05:51

Target

3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll
Size

32KB
MD5

7f1ef06dcca4faae53cbc99d139ebbe0
SHA1

fd7745b3eb99f46c3ff39293636308a120645a5f
SHA256

3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189
SHA512

f98f7d530c2e3c12265673210a375306d3e081a853294250793d39fa789b92e1207a4176ceedb707c32d4540c1fd0efc1a5fc8fe1e0701ea407af72d6319cb6d
SSDEEP

768:7qnOeTNYmNXW/t8/lo7tRypE5hqD5SROde:7qnOerUt8a7tRQakgROY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4844 wrote to memory of 4828	4844	rundll32.exe	50
PID 4844 wrote to memory of 4828	4844	rundll32.exe	50
PID 4844 wrote to memory of 4828	4844	rundll32.exe	50

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3392de7c4e2af81af98f152e194ec98d3affb2239279ab45eff5e26b63e27189.dll,#1
  2⤵
  PID:4828