d399f6f28bf18c77f41eb32a8405070008dbf94c0c84e40f88ea376b5ff5d46b

Analysis

max time kernel
158s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:17

Target

d399f6f28bf18c77f41eb32a8405070008dbf94c0c84e40f88ea376b5ff5d46b.dll
Size

5KB
MD5

632cd6208872ac6a094ac308f72f66d0
SHA1

02e051d6fc96b1581811095955e6fb9e538bf626
SHA256

d399f6f28bf18c77f41eb32a8405070008dbf94c0c84e40f88ea376b5ff5d46b
SHA512

14a099cdca9487065c9513fea49d747ab751eedf2b6aa0481f48c60e04aea28360db3dfb32b8318a9fae6bfe5dde0a7dd36e520c9204470f7130b2c733a8bcb5
SSDEEP

96:XprYDpKnI6wJ+Ls7guyHejyn/I9l0iai+BmFD:XUcA+ggd+W/If0ifp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 924	1236	rundll32.exe	79
PID 1236 wrote to memory of 924	1236	rundll32.exe	79
PID 1236 wrote to memory of 924	1236	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d399f6f28bf18c77f41eb32a8405070008dbf94c0c84e40f88ea376b5ff5d46b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d399f6f28bf18c77f41eb32a8405070008dbf94c0c84e40f88ea376b5ff5d46b.dll,#1
  2⤵
  PID:924