5a45c0c9437e3c8130b88f7c65ee731c82082dfeb9c7f5c2d0e658b8f9d1400d

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 18:36

Target

5a45c0c9437e3c8130b88f7c65ee731c82082dfeb9c7f5c2d0e658b8f9d1400d.dll
Size

31KB
MD5

8f21e851fb3beaeeef81c4b51fc1ddea
SHA1

c1040f5de738b43f7c1ac61982310b043d86b568
SHA256

5a45c0c9437e3c8130b88f7c65ee731c82082dfeb9c7f5c2d0e658b8f9d1400d
SHA512

8ebeed1beedb3e8e8ac0757c8aca4ce5c086dc6c0bc3734e01078e78fb8a5367bd5f61247d717cc2e9b1ff6e82bb7ef229dbf13fa533cb894d405bbdd0fb6641
SSDEEP

384:bQm2SC1b2Mplqdn7Y8jxHtMPwW/hZA3eWl9ltPd+/9bDGDn5:Em2EE8NHs3ZA3eWj1+BDc5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 4988	4648	rundll32.exe	79
PID 4648 wrote to memory of 4988	4648	rundll32.exe	79
PID 4648 wrote to memory of 4988	4648	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a45c0c9437e3c8130b88f7c65ee731c82082dfeb9c7f5c2d0e658b8f9d1400d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5a45c0c9437e3c8130b88f7c65ee731c82082dfeb9c7f5c2d0e658b8f9d1400d.dll,#1
  2⤵
  PID:4988