020b883cedc2aac3b68718a7c4e16ce8970e213b573d9d369522639c02940967

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 20:34

Target

020b883cedc2aac3b68718a7c4e16ce8970e213b573d9d369522639c02940967.dll
Size

27KB
MD5

55cae173f27e7c0d99d57d30e42ce110
SHA1

125d9ebf3a8e7e317ed7e68b0165593ccb5182df
SHA256

020b883cedc2aac3b68718a7c4e16ce8970e213b573d9d369522639c02940967
SHA512

40ab22c00302575e933b754e938bb8e83f71bd3fe3f6429f4fa19230094d3538851a03b99f15b41b6192d2f57e49cd065e285f8185c760dcc9a1680cac36d726
SSDEEP

768:ot5M90tDWFHYPXYzSNJhMMhBHoldb9kDcYL:otSGDWRYwzCgABHold3YL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1720 wrote to memory of 1300	1720	rundll32.exe	83
PID 1720 wrote to memory of 1300	1720	rundll32.exe	83
PID 1720 wrote to memory of 1300	1720	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\020b883cedc2aac3b68718a7c4e16ce8970e213b573d9d369522639c02940967.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\020b883cedc2aac3b68718a7c4e16ce8970e213b573d9d369522639c02940967.dll,#1
  2⤵
  PID:1300