244bbb8145a87a0c36a2e23d6c808e7b608eb8ab9bcff4a2d8f6aa54605941a8

Analysis

max time kernel
148s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:18

Target

244bbb8145a87a0c36a2e23d6c808e7b608eb8ab9bcff4a2d8f6aa54605941a8.dll
Size

62KB
MD5

5feed7ef238fed54c7bdec9d34666110
SHA1

53a09e99969b60c2a4cd08155f6328e1c0c31317
SHA256

244bbb8145a87a0c36a2e23d6c808e7b608eb8ab9bcff4a2d8f6aa54605941a8
SHA512

2c3c13d0f32acf740308509679be0e9a48167359a95a8e465a910dc6783d0a19af444b2910ee91bb4698f145341de857b1dbe3fd1fbef72f0ac10756acf2d6ef
SSDEEP

1536:2LOJMXV6Q0E3Vu/Hvbzue5IJWVW+DosCsCvCH:2rko4HbieEMJosCU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 4732	3104	rundll32.exe	84
PID 3104 wrote to memory of 4732	3104	rundll32.exe	84
PID 3104 wrote to memory of 4732	3104	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\244bbb8145a87a0c36a2e23d6c808e7b608eb8ab9bcff4a2d8f6aa54605941a8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\244bbb8145a87a0c36a2e23d6c808e7b608eb8ab9bcff4a2d8f6aa54605941a8.dll,#1
  2⤵
  PID:4732