bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6

Analysis

max time kernel
189s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:58

Target

bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll
Size

58KB
MD5

718e7aeb2ff42ee5ac8873582306d262
SHA1

1df6a8a1cf8535f8ac406b2555dea7b691cf7e35
SHA256

bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6
SHA512

bbd64c05fe1dee27d5be05991a30aba219de33903180f43f5ca3a5dd11d3df17da849206492f407666d89a1e219286a764205158e33c5eb63d401cfaa7cafb94
SSDEEP

1536:1zExMwCGQ2jxorfAH0pqbGmgdqPvhz4SkIdqj8nGll:1I+wCGvdocYjmxhzBo4nGll

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 220	3172	rundll32.exe	84
PID 3172 wrote to memory of 220	3172	rundll32.exe	84
PID 3172 wrote to memory of 220	3172	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad3999d54232f66b81278953fd39a3f9425d07459b22eba3d5a1ce5191f4fe6.dll,#1
  2⤵
  PID:220