4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45

Analysis

max time kernel
189s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:24

Target

4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll
Size

51KB
MD5

d985dfd694e1e3219e2af299eb8de040
SHA1

a1a1f0f0efbf0ce59c2aa6a271cd58ee587a506f
SHA256

4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45
SHA512

e4974d6e6943e3e0d331f606fe8b20591217302757b23e8064ca6ffbfc08094ada902d08a82cf9497c2f8789582cc8293f2f020c1c93fa7fda6e9253a44e8641
SSDEEP

1536:yHZ6NZRR40owqzzPGFpkaLiCGL6mrBd15j:yH43RJowcTwzcd1h

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4308 wrote to memory of 1740	4308	rundll32.exe	83
PID 4308 wrote to memory of 1740	4308	rundll32.exe	83
PID 4308 wrote to memory of 1740	4308	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fc38f5761a2d6ce80d370ff62f7bad4f1fc148c20bc02107ffc8e9d5e9e7e45.dll,#1
  2⤵
  PID:1740