61cc0bc46b2581b3fd67ae6b2681ef99221978329a72a9a1a01bdb76483bdf39

Analysis

max time kernel
142s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:03

Target

61cc0bc46b2581b3fd67ae6b2681ef99221978329a72a9a1a01bdb76483bdf39.dll
Size

5KB
MD5

bdca71cf2b8c463a198b219a65e79e70
SHA1

73e32e758bf5efd2dad3fa4aba5ede1b63a71330
SHA256

61cc0bc46b2581b3fd67ae6b2681ef99221978329a72a9a1a01bdb76483bdf39
SHA512

afb326b99a800d0943d857372e58bd769466e507fa405ce5a5040dd0026fc8d2f73e7578556e232d558948862ca9330b78c6d58c08aff96c257cff0af83e6d8f
SSDEEP

48:a7Q2voyT+Bt5a98toVKDpsi2OhZlB/E56klZAg5DySkkJ:qT+ZK8twKVsi2OhZlB/EagASZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4776 wrote to memory of 5112	4776	rundll32.exe	81
PID 4776 wrote to memory of 5112	4776	rundll32.exe	81
PID 4776 wrote to memory of 5112	4776	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61cc0bc46b2581b3fd67ae6b2681ef99221978329a72a9a1a01bdb76483bdf39.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\61cc0bc46b2581b3fd67ae6b2681ef99221978329a72a9a1a01bdb76483bdf39.dll,#1
  2⤵
  PID:5112