059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6

Analysis

max time kernel
342s
max time network
420s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 14:26

Target

059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll
Size

147KB
MD5

577ec6b298ca7eedc4f3ef5140d3177d
SHA1

11ad3d415d1909c105cbd041831bc2a479a074b7
SHA256

059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6
SHA512

ca41d26057d8bfeb63d45a8783cec41471b3a7e0fa9d31e76ed168ab2b5952af901a30020cec92a8c4b9f0f7964bcefc37f7e1cb9482a25355265e91de0cc3db
SSDEEP

3072:EI71lBxAIgxq5csSI6+2PtSJ6By2XaBP1ZlaV75:0qOsPJcXcRaV75

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 224 wrote to memory of 4984	224	rundll32.exe	79
PID 224 wrote to memory of 4984	224	rundll32.exe	79
PID 224 wrote to memory of 4984	224	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\059820ca892d239d6146101bf2a460340fb9b9c7b3b6d5092f26a820e8d0d8f6.dll,#1
  2⤵
  PID:4984