382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8

Analysis

max time kernel
92s
max time network
140s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:15

Target

382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll
Size

7KB
MD5

b92d70975e9c0b312be384a1c9feef70
SHA1

877eee665ddcc1237cd8261ea231e497057174c5
SHA256

382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8
SHA512

12e969fa770f25a248f60ee4ecb9dd7b3ddbe82c44d7b9b3ff382d3a1cf634024475a13957668e54a5b8420c7132433fa4a7cecc3b975dc0b49aba3db7b07dc2
SSDEEP

96:Ts1Wnnnynnnnnnnn6nnann7nnXnnbnnKniROHfbJoNEXZef2RDGe92:YX2f9JM2Rya2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4264 wrote to memory of 5056	4264	rundll32.exe	80
PID 4264 wrote to memory of 5056	4264	rundll32.exe	80
PID 4264 wrote to memory of 5056	4264	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\382b626bc6e778650eb7685f23f949a5f483e6a4d62e7fe3b0a0222df3992eb8.dll,#1
  2⤵
  PID:5056