00640e68f8c553e312b4ffdbb0575218e626da16c9f1910615946e456186f0f2

Analysis

max time kernel
151s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 01:42

Target

00640e68f8c553e312b4ffdbb0575218e626da16c9f1910615946e456186f0f2.dll
Size

5KB
MD5

c8f2796cd5b789425e870acc45c86e70
SHA1

f5532e1b4c36336b73ecb35bef8ad66e3e8c23bd
SHA256

00640e68f8c553e312b4ffdbb0575218e626da16c9f1910615946e456186f0f2
SHA512

935e071cac833f71e901c40c97d9bf6d7784d0c675cf297d0719151f43db7049e8e7998e324964523fe00fdf5af6512b19c9050df9c0a489a8366090bfc7ebd5
SSDEEP

96:nEY2RrF1eqwi484xb/gS9Iix2mKuQUh7IuxNEZs8uTRlwEqZ2E0:EHRh1epp84xb/gS9Iix2mKtUh7IuxNES

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2228 wrote to memory of 2116	2228	rundll32.exe	79
PID 2228 wrote to memory of 2116	2228	rundll32.exe	79
PID 2228 wrote to memory of 2116	2228	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\00640e68f8c553e312b4ffdbb0575218e626da16c9f1910615946e456186f0f2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\00640e68f8c553e312b4ffdbb0575218e626da16c9f1910615946e456186f0f2.dll,#1
  2⤵
  PID:2116