a28c4d0d27010ac8dde3194d7349c70b2cbe29e4ae9d9d6ccb1f3a272338830f

Analysis

max time kernel
331s
max time network
402s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 22:35

Target

a28c4d0d27010ac8dde3194d7349c70b2cbe29e4ae9d9d6ccb1f3a272338830f.dll
Size

4KB
MD5

0c820f27f8201ed6f05b5a7f7a7933f0
SHA1

4e0ada2d717361dcb85736a874fecd8b5809dd62
SHA256

a28c4d0d27010ac8dde3194d7349c70b2cbe29e4ae9d9d6ccb1f3a272338830f
SHA512

db586066682b26f96b88286ab2cffbde20cb477b042da563c86cbbbc336773b7c101123a52ddb400eececb0c9a7a7e9ea6d60f73045861a0e74243025c16fd53
SSDEEP

48:a5zdM1cSTBg0r27vTuAEK6KfFGvXiDbeX9Jkz1mhCuvzGXukDs:PT3r2vu9MfIvieXjt+ub

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4152 wrote to memory of 3184	4152	rundll32.exe	80
PID 4152 wrote to memory of 3184	4152	rundll32.exe	80
PID 4152 wrote to memory of 3184	4152	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a28c4d0d27010ac8dde3194d7349c70b2cbe29e4ae9d9d6ccb1f3a272338830f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4152
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a28c4d0d27010ac8dde3194d7349c70b2cbe29e4ae9d9d6ccb1f3a272338830f.dll,#1
  2⤵
  PID:3184