974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16

Analysis

max time kernel
194s
max time network
218s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:53

Target

974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll
Size

46KB
MD5

f499743ad187ee4c1c7cc227c0ae274d
SHA1

115799e315684074f48a50bc16d8e65af064c6d9
SHA256

974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16
SHA512

fad34236e13487dc6494d59a74a1d5c43ce0899899eb4ee8119dd05b436c379fcd242c560d1819d819bf0ffdca0d47f9975bbd8bb249de5bb65546f5aa9bb27f
SSDEEP

768:GbvLDaaMact8TRf2Otog+rsU8fVaIL0wyY3LSEy5mtPDNXfuQPR0YRL2r9s:evNfHtogIP8fVank3SqZXfPR02ms

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 3208	2828	rundll32.exe	82
PID 2828 wrote to memory of 3208	2828	rundll32.exe	82
PID 2828 wrote to memory of 3208	2828	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\974004edf2d8d5262f319dc6af8726408c4c4632c2d1637f1bd6e658668b1e16.dll,#1
  2⤵
  PID:3208