2441df8d66c411f072115e31f0d63c765dbd9380680b83a3d0b82e0af7589c29

Analysis

max time kernel
75s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 00:33

Target

2441df8d66c411f072115e31f0d63c765dbd9380680b83a3d0b82e0af7589c29.dll
Size

57KB
MD5

d7ef2df6c4c268f57f2dade9db7dd3ac
SHA1

05c2a02ab1d7391463e68efaf33a87f9a191e1e7
SHA256

2441df8d66c411f072115e31f0d63c765dbd9380680b83a3d0b82e0af7589c29
SHA512

91d93e5aeb007a813d3aac92ac272493356b77571ca88d9dffe0f7f9c2be6519ce16dd3dd044627bf7bba13fe43723a1618a3f1f96dd4b706509d581d65997a0
SSDEEP

1536:PNIKDp4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:Wqp4YU6ErtGNEKIpCT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 2344	2044	rundll32.exe	81
PID 2044 wrote to memory of 2344	2044	rundll32.exe	81
PID 2044 wrote to memory of 2344	2044	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2441df8d66c411f072115e31f0d63c765dbd9380680b83a3d0b82e0af7589c29.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2441df8d66c411f072115e31f0d63c765dbd9380680b83a3d0b82e0af7589c29.dll,#1
  2⤵
  PID:2344