550b6629b0cd1ddae159cf06bdbbf2edce366c7e2451eb5b3878d4273f46455d

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:08

Target

550b6629b0cd1ddae159cf06bdbbf2edce366c7e2451eb5b3878d4273f46455d.dll
Size

7KB
MD5

86fda802bd3ef45a45e6f6d88e67d100
SHA1

b517114abe7eb504ae06cd82ded9011c60032528
SHA256

550b6629b0cd1ddae159cf06bdbbf2edce366c7e2451eb5b3878d4273f46455d
SHA512

82c0b29dd4088c6096baf0acad3949b9a7128e7aab1704f1c7d568e23216f90729b423e1d7c7bbb7ab9c37690a2ed1ad026c5d8d3fb6fbb3103fdadc293a8e09
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniRO3MBJo2w1GXZFwsy54nckKk:YXIMBJo2w8XZFwsy54nckKk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4548 wrote to memory of 3208	4548	rundll32.exe	81
PID 4548 wrote to memory of 3208	4548	rundll32.exe	81
PID 4548 wrote to memory of 3208	4548	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\550b6629b0cd1ddae159cf06bdbbf2edce366c7e2451eb5b3878d4273f46455d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4548
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\550b6629b0cd1ddae159cf06bdbbf2edce366c7e2451eb5b3878d4273f46455d.dll,#1
  2⤵
  PID:3208