14bc5d1ea0446c5b69b46f8f2e1f2eafadf5d4dcc61e24c7e16c2e1373485042

Analysis

max time kernel
153s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 21:06

Target

14bc5d1ea0446c5b69b46f8f2e1f2eafadf5d4dcc61e24c7e16c2e1373485042.dll
Size

33KB
MD5

99a5091d61822f0d629c54cb08bc9f90
SHA1

8d054c6982c76054d690464c41aed322834e28af
SHA256

14bc5d1ea0446c5b69b46f8f2e1f2eafadf5d4dcc61e24c7e16c2e1373485042
SHA512

a9c7561b70018e4ba0f2ec94f3bb88291ef050b44c18cc7cc5d0f0cf9d8ea6d161fda9021b5b55bcca9ac52b6e2f0729d1aa2176dd58961570de33c22e42d00d
SSDEEP

768:h+OuA6LwO0o5xPa1kHNNv7or7tB7cOZivRtv/5:YOuA6LBxPxt17or7sTvRtvR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4844	2232	rundll32.exe	79
PID 2232 wrote to memory of 4844	2232	rundll32.exe	79
PID 2232 wrote to memory of 4844	2232	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14bc5d1ea0446c5b69b46f8f2e1f2eafadf5d4dcc61e24c7e16c2e1373485042.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\14bc5d1ea0446c5b69b46f8f2e1f2eafadf5d4dcc61e24c7e16c2e1373485042.dll,#1
  2⤵
  PID:4844