fe2829f1df4e9234efdc5a12f88b482fefe21d9b8c042e5507f93eb5eb6c611f

Analysis

max time kernel
154s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 15:47

Target

fe2829f1df4e9234efdc5a12f88b482fefe21d9b8c042e5507f93eb5eb6c611f.dll
Size

35KB
MD5

0d845eb12072fb7895f4ab273f701cb7
SHA1

f070a820989f1fb269591a9bcf54cec85d2be15c
SHA256

fe2829f1df4e9234efdc5a12f88b482fefe21d9b8c042e5507f93eb5eb6c611f
SHA512

fde939ef273122e50de119f27b9f4612a6fe07781a4008f788e7b8807ffa471dba0b14b247cb4eea2f5e342cb661924e3aefe7a447efa54c7dc4c4ce3c9fa1d4
SSDEEP

768:PTN2XzTjuW5TiZRfnQb74E6V5hXDHmRtqzh:7EXnjEZRPe74EAlyRo9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3388	4576	rundll32.exe	82
PID 4576 wrote to memory of 3388	4576	rundll32.exe	82
PID 4576 wrote to memory of 3388	4576	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2829f1df4e9234efdc5a12f88b482fefe21d9b8c042e5507f93eb5eb6c611f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fe2829f1df4e9234efdc5a12f88b482fefe21d9b8c042e5507f93eb5eb6c611f.dll,#1
  2⤵
  PID:3388