36495837792b1bfbc9c15ad2cb3acd1718b2047b05fef630990d07248e851811

Analysis

max time kernel
42s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 09:22

Target

36495837792b1bfbc9c15ad2cb3acd1718b2047b05fef630990d07248e851811.dll
Size

49KB
MD5

ec2ce2a9fee9e73e866eb58883609bd0
SHA1

2e61af5ec581eb7b962f1049ae22a36f74d17cae
SHA256

36495837792b1bfbc9c15ad2cb3acd1718b2047b05fef630990d07248e851811
SHA512

ac8c3d945406dfe4ed454aee20f0171066b9d438be81e0a4d849df326d0905ce18d3d50f0e788fabf5433f1cb7e9005b95a1f1bf2b0187853cd1fc37c9b4c70e
SSDEEP

768:cUJCJpaP0D3DFvn4f5jUjYLxVIbFMD/+JonxblQ48tuOVTAss2F6Ew3P:cUAJpaaRwjUpbcGoxbwuOVd8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2680 wrote to memory of 2604	2680	rundll32.exe	76
PID 2680 wrote to memory of 2604	2680	rundll32.exe	76
PID 2680 wrote to memory of 2604	2680	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36495837792b1bfbc9c15ad2cb3acd1718b2047b05fef630990d07248e851811.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2680
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36495837792b1bfbc9c15ad2cb3acd1718b2047b05fef630990d07248e851811.dll,#1
  2⤵
  PID:2604