8a6fa369b3f9ebfe49ce418b4b6b5a28b0f3f27405a806c9b148c86a307b6f37

Analysis

max time kernel
155s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 13:31

Target

8a6fa369b3f9ebfe49ce418b4b6b5a28b0f3f27405a806c9b148c86a307b6f37.dll
Size

135KB
MD5

dd4c1a9d2c3197dca9d10da6b0882b3d
SHA1

d693579278ce15acac779cbf1b50cc2a87526c67
SHA256

8a6fa369b3f9ebfe49ce418b4b6b5a28b0f3f27405a806c9b148c86a307b6f37
SHA512

12eadffe3fa855690c87011fca63685ffb54038e1f6bdc91811cabba4f7c3bad8ae8df0a8069796414fa07883f770dc8560239b173c94ab262355d8c31db5096
SSDEEP

3072:drgOG+xJ0b8v+iHipNliHS59pzZD3c5Ep5l/XGc6l7zvD+nORIi:JH882qW11N6lXb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1984 wrote to memory of 3232	1984	rundll32.exe	83
PID 1984 wrote to memory of 3232	1984	rundll32.exe	83
PID 1984 wrote to memory of 3232	1984	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a6fa369b3f9ebfe49ce418b4b6b5a28b0f3f27405a806c9b148c86a307b6f37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1984
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8a6fa369b3f9ebfe49ce418b4b6b5a28b0f3f27405a806c9b148c86a307b6f37.dll,#1
  2⤵
  PID:3232