a55230781a53ba04567975ff327ba7cc4f95d2593bc7bd681021738a489c5503

Analysis

max time kernel
207s
max time network
211s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:16

Target

a55230781a53ba04567975ff327ba7cc4f95d2593bc7bd681021738a489c5503.dll
Size

56KB
MD5

86cd2e5d5117fc703ff4ea354cd849da
SHA1

bb0ee3c537ce634315150c00be4b6a86e08edf3e
SHA256

a55230781a53ba04567975ff327ba7cc4f95d2593bc7bd681021738a489c5503
SHA512

16a8738418aa19964176e5244dcd16caf454345f5b43cbdd5d1f9779ec56188f915e510ec1edad330616294d69e1f4b1acb59b33260c6fa0a2aefdadad63eeaf
SSDEEP

1536:5jRmOYSdrTYGX1sYE/wGnlgzwTMMr7NYfMnBjCvRqyRfU9:xfj71sYUwGizdy7NYEnBjCvRVs9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 3876	832	rundll32.exe	84
PID 832 wrote to memory of 3876	832	rundll32.exe	84
PID 832 wrote to memory of 3876	832	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a55230781a53ba04567975ff327ba7cc4f95d2593bc7bd681021738a489c5503.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a55230781a53ba04567975ff327ba7cc4f95d2593bc7bd681021738a489c5503.dll,#1
  2⤵
  PID:3876