a545a3b6ac1f8121395d3a90fe15da672f02c1fc5a977c749476fd20fac0a2f4

Analysis

max time kernel
146s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:25

Target

a545a3b6ac1f8121395d3a90fe15da672f02c1fc5a977c749476fd20fac0a2f4.dll
Size

93KB
MD5

8d96e62c7c4ec0aaf2a215b202c0cc2a
SHA1

d1245efbce4fe8e097752b419e305273eca1b4e4
SHA256

a545a3b6ac1f8121395d3a90fe15da672f02c1fc5a977c749476fd20fac0a2f4
SHA512

d31d540c85ecda0041d3cb1ce4e8f95c978c9583972916b862c401d1deddac6a72464ef33a649cc163fb9e6403f739cdd97ea668378351fd72748f0afcb26287
SSDEEP

1536:Xrj2DTisS3kalQRUCBz9J3r7SXEmLyF9NjwhmBisnUgkbLf:v2DTv1alQyCBz9JX0DiNkhTsnFkbLf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a545a3b6ac1f8121395d3a90fe15da672f02c1fc5a977c749476fd20fac0a2f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a545a3b6ac1f8121395d3a90fe15da672f02c1fc5a977c749476fd20fac0a2f4.dll,#1
  2⤵
  PID:1668