dba2f61a5947f5e4d5828e26a276dc57ca1be27f10fa696830404f5bc9290122

Analysis

max time kernel
170s
max time network
191s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 21:46

Target

dba2f61a5947f5e4d5828e26a276dc57ca1be27f10fa696830404f5bc9290122.dll
Size

6KB
MD5

1aae7307e726d5a996c26f96a099de50
SHA1

82130416ce0d9d2970b30169c7aa9a839cc25bf4
SHA256

dba2f61a5947f5e4d5828e26a276dc57ca1be27f10fa696830404f5bc9290122
SHA512

55adac57cf25769f0830e1334e3fccf1a032b40cf249ad3b710ca4e20fac3a506b1b075b8d5c2e288ff7c3188bfa00d04a047b340d6855773006151d3563412d
SSDEEP

96:nEY2RrF1eqwi4A+wk1/fMiBq4yQE+GYP5rYcofYdpsGzDq0dGh9rDBiz:EHRh1eppAy/0iQGzD0h9vBi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1960 wrote to memory of 832	1960	rundll32.exe	82
PID 1960 wrote to memory of 832	1960	rundll32.exe	82
PID 1960 wrote to memory of 832	1960	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dba2f61a5947f5e4d5828e26a276dc57ca1be27f10fa696830404f5bc9290122.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dba2f61a5947f5e4d5828e26a276dc57ca1be27f10fa696830404f5bc9290122.dll,#1
  2⤵
  PID:832