573fc1b35a9764ba7a112a00b5e71f2d9d6d42c9f6dba0bc713bcfdc15e82116

Analysis

max time kernel
140s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:24

Target

573fc1b35a9764ba7a112a00b5e71f2d9d6d42c9f6dba0bc713bcfdc15e82116.dll
Size

46KB
MD5

6c670c08d0900bf0f7a823185e1f38f0
SHA1

8d246787b4c1950a93d749b05aabf70974c2021e
SHA256

573fc1b35a9764ba7a112a00b5e71f2d9d6d42c9f6dba0bc713bcfdc15e82116
SHA512

f6cff32075f088e0e91124851497147c8473f2d2f43499cf95c63f59971af1c0a2c878367d540f64f4a0a5c8250a2d7e7359f5e05b59e3229030d64f25d05d59
SSDEEP

768:z3OHS8KOzRMz1EZcqUbyrrbOjCIDYPBelcBOcxoGETg4/+7XL3jLAQ:yHZYtqICOrDYPBeO8c2GED/+Hf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 868 wrote to memory of 1932	868	rundll32.exe	83
PID 868 wrote to memory of 1932	868	rundll32.exe	83
PID 868 wrote to memory of 1932	868	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\573fc1b35a9764ba7a112a00b5e71f2d9d6d42c9f6dba0bc713bcfdc15e82116.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:868
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\573fc1b35a9764ba7a112a00b5e71f2d9d6d42c9f6dba0bc713bcfdc15e82116.dll,#1
  2⤵
  PID:1932