d13add18f82c2155c19f534ed1529b44e68eef0e19ac1ea48eb0b41262c769f8

Analysis

max time kernel
144s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:18

Target

d13add18f82c2155c19f534ed1529b44e68eef0e19ac1ea48eb0b41262c769f8.dll
Size

6KB
MD5

91d56cd8839370dd5c7c7954da830b60
SHA1

3da0b2d7cfdb70fe6beddb33b7d6e437bccf4dca
SHA256

d13add18f82c2155c19f534ed1529b44e68eef0e19ac1ea48eb0b41262c769f8
SHA512

95466c43002d35c770571789ea4e4ddf5da76b437f3f89db539e378d32df76f493342aef1a8634ccc9b58ced249edbbb7f073c49662e02c545219799d9971d03
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIRWPWMQCfn7GV4BQx9:unSR6bgY+8b7o

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 4172	4972	rundll32.exe	48
PID 4972 wrote to memory of 4172	4972	rundll32.exe	48
PID 4972 wrote to memory of 4172	4972	rundll32.exe	48

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d13add18f82c2155c19f534ed1529b44e68eef0e19ac1ea48eb0b41262c769f8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d13add18f82c2155c19f534ed1529b44e68eef0e19ac1ea48eb0b41262c769f8.dll,#1
  2⤵
  PID:4172