61963f7f15efd7a7418ba1cda06d6c1304815295db749d9ffb296066a588464a

Analysis

max time kernel
181s
max time network
230s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 08:39

Target

61963f7f15efd7a7418ba1cda06d6c1304815295db749d9ffb296066a588464a.dll
Size

848KB
MD5

add8afe2089be847398157237db19860
SHA1

2b82912abde83fef442c979747ee42bc3fcd7b5b
SHA256

61963f7f15efd7a7418ba1cda06d6c1304815295db749d9ffb296066a588464a
SHA512

0b1bb16159fa17c1f8df5750402c32aabf8d798a4010a22d7e0b3f8efc61ae4029dca0bbf9422948197c458b5c6a74ba14aebeb07bf68f8bbe014a45f66fa034
SSDEEP

24576:fVnGOU55c65l9rlSZuY8fzXFx0jbbC5S0i3wrRK/APCE9:NnGN5LzPqYx0jXC5ROf4PT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 744	3456	rundll32.exe	81
PID 3456 wrote to memory of 744	3456	rundll32.exe	81
PID 3456 wrote to memory of 744	3456	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61963f7f15efd7a7418ba1cda06d6c1304815295db749d9ffb296066a588464a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61963f7f15efd7a7418ba1cda06d6c1304815295db749d9ffb296066a588464a.dll,#1
  2⤵
  PID:744

memory/744-133-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download
memory/744-134-0x0000000000400000-0x00000000004DC000-memory.dmp

Filesize
880KB

Download