52656934f4c266ee08bbe73bb21c8685b371e12828404a2289cdc2bc5339f933

Analysis

max time kernel
151s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:37

Target

52656934f4c266ee08bbe73bb21c8685b371e12828404a2289cdc2bc5339f933.dll
Size

6KB
MD5

92709fde49da3c1101759e80c5992860
SHA1

bd4efb425288fc979e3bd9cbdabf5349c9ccbeea
SHA256

52656934f4c266ee08bbe73bb21c8685b371e12828404a2289cdc2bc5339f933
SHA512

0793f83029061dfb8c2dc040a9cd104a6b841a303c79d9f134fb8e439daf643f6982451e896c8b3dedc90599f58e5da93593ce881d91f46f6f7097a20c60c71c
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7eJ3r6:nGTWJGp0UZUd6378snt7t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1640 wrote to memory of 224	1640	rundll32.exe	82
PID 1640 wrote to memory of 224	1640	rundll32.exe	82
PID 1640 wrote to memory of 224	1640	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52656934f4c266ee08bbe73bb21c8685b371e12828404a2289cdc2bc5339f933.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52656934f4c266ee08bbe73bb21c8685b371e12828404a2289cdc2bc5339f933.dll,#1
  2⤵
  PID:224