afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5

Analysis

max time kernel
216s
max time network
325s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 02:02

Target

afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll
Size

5KB
MD5

c0fd4e78e8b59f3f8717788c1c6d6fa0
SHA1

695a637f587d0c1b4c7bfac324b09078f0b4dc09
SHA256

afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5
SHA512

241f1bd170ef8559e41772843ee65638d844e44db51ce3bc4e4a8fbcb3683a8b33d31a8a706c586e85ddc2213763f3ce5b6b94d8505b1dfa8b116e8327fcedf9
SSDEEP

48:a5zdM1cSTBg0r27vTuAEKm9TffzpsNAz9y5SadOY8yw/uTAZTnHUR3Ehd:PT3r2vu9F9TfVgAzmmY8g09oEhd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 864 wrote to memory of 1772	864	rundll32.exe	81
PID 864 wrote to memory of 1772	864	rundll32.exe	81
PID 864 wrote to memory of 1772	864	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afe06297cfb0f74e93b612f46d207a71050584167c90124cee7ec2e5643a89d5.dll,#1
  2⤵
  PID:1772