4efb60bd7c3235d0b65438529a01d766eba9153e3a2f0f994cef33f44654c982

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:11

Target

4efb60bd7c3235d0b65438529a01d766eba9153e3a2f0f994cef33f44654c982.dll
Size

6KB
MD5

546d6dd3c4991bde66bcf9ebb90f8130
SHA1

516a76d1a6ef7d91d2ac33f6294cc0e58e79ea70
SHA256

4efb60bd7c3235d0b65438529a01d766eba9153e3a2f0f994cef33f44654c982
SHA512

241e38f922972945a746ab27d4febc25dba49ed0614b8d22de69fdfa556350b9fd1c5bc1511184301094175396ac99df8cfee8d6545d0684eb8ced8d98d1f1d2
SSDEEP

96:z0/gPtJrYmVjGwd+8blPDDDDDDDDEZSoGy7QzUllkUJhVx30p:FTiS+siZ5GyUiOUvP30

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 488 wrote to memory of 3672	488	rundll32.exe	78
PID 488 wrote to memory of 3672	488	rundll32.exe	78
PID 488 wrote to memory of 3672	488	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4efb60bd7c3235d0b65438529a01d766eba9153e3a2f0f994cef33f44654c982.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4efb60bd7c3235d0b65438529a01d766eba9153e3a2f0f994cef33f44654c982.dll,#1
  2⤵
  PID:3672