abf10305c60d6bb2e6c09c72f9b37c7fcb82bdb4e75088b46a2f9fe0f02e3166

Analysis

max time kernel
271s
max time network
295s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:41

Target

abf10305c60d6bb2e6c09c72f9b37c7fcb82bdb4e75088b46a2f9fe0f02e3166.dll
Size

72KB
MD5

440d36f48011fff4d00f02f4eadafd2e
SHA1

14d697e087b2f66a13f54ce0757d9147bc728417
SHA256

abf10305c60d6bb2e6c09c72f9b37c7fcb82bdb4e75088b46a2f9fe0f02e3166
SHA512

ec75259cdf81032d3809599971084d34fdd8cb278f823a258834d3989e0225eb41e75127a949f88b995a2de1a08b9023e8f5adb952d5f58f88093e3fc8e10e58
SSDEEP

1536:jZIcCxR7KHI4aOH7QivGaTDMfZ9tA67CjIpdqyOR8IIIzl54g9Jb:x+4oqHfvGdtx7CspdEvrzhbb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 3516	32	rundll32.exe	81
PID 32 wrote to memory of 3516	32	rundll32.exe	81
PID 32 wrote to memory of 3516	32	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf10305c60d6bb2e6c09c72f9b37c7fcb82bdb4e75088b46a2f9fe0f02e3166.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:32
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abf10305c60d6bb2e6c09c72f9b37c7fcb82bdb4e75088b46a2f9fe0f02e3166.dll,#1
  2⤵
  PID:3516