abd568cd0556d431b3797c0708e2679ccb827e0afb3a8380028a9d7ba2582ac7

Analysis

max time kernel
165s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 02:03

Target

abd568cd0556d431b3797c0708e2679ccb827e0afb3a8380028a9d7ba2582ac7.dll
Size

6KB
MD5

db040addc9954d9b4d080c2a3d8ede50
SHA1

53602332884c315e549ae93466929ed8c501da8c
SHA256

abd568cd0556d431b3797c0708e2679ccb827e0afb3a8380028a9d7ba2582ac7
SHA512

0bf6f24fb4d70c5e532c7c83ef5ceeaff1e7cfb0349c029718983724ec88c4b27de0c1a96828a0b8038052e15a6ec2b6968d189cd4f51ae4d77c8ee2a187e161
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROd2FnLFPiFLFGiFBhJRfF44GZMFME:YXNnJPcJGcBhJRfF44GZCMCZPR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4992 wrote to memory of 4580	4992	rundll32.exe	81
PID 4992 wrote to memory of 4580	4992	rundll32.exe	81
PID 4992 wrote to memory of 4580	4992	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abd568cd0556d431b3797c0708e2679ccb827e0afb3a8380028a9d7ba2582ac7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abd568cd0556d431b3797c0708e2679ccb827e0afb3a8380028a9d7ba2582ac7.dll,#1
  2⤵
  PID:4580