4b9b2518f6274085eb60175a0a774fdf86d00a8ccdb503c9129d85d3a3aa0ce8

Analysis

max time kernel
204s
max time network
216s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:24

Target

4b9b2518f6274085eb60175a0a774fdf86d00a8ccdb503c9129d85d3a3aa0ce8.dll
Size

34KB
MD5

5e31c643e8aa5367a2f7698334a9e070
SHA1

0d7dfbaf49f25a7815e442cbe14fb349cc771b5e
SHA256

4b9b2518f6274085eb60175a0a774fdf86d00a8ccdb503c9129d85d3a3aa0ce8
SHA512

efd6316499c202d95ce86a0105883782048b8c22a6f3780d067aedc44313d722731ce0775ed776344055248acbd9be288234632b1b9111272f95a387ccb59828
SSDEEP

768:R7tXGKqr8zXfaLtzxI7rQimiNf5hqD1DRCbtrvqP:R79GCfaL47rQipkxRmtrvqP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4512 wrote to memory of 5048	4512	rundll32.exe	81
PID 4512 wrote to memory of 5048	4512	rundll32.exe	81
PID 4512 wrote to memory of 5048	4512	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b9b2518f6274085eb60175a0a774fdf86d00a8ccdb503c9129d85d3a3aa0ce8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4b9b2518f6274085eb60175a0a774fdf86d00a8ccdb503c9129d85d3a3aa0ce8.dll,#1
  2⤵
  PID:5048