65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227

Analysis

max time kernel
150s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:01

Target

65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll
Size

5KB
MD5

dc311c2c824e4a8ea5b438aa29313860
SHA1

06b1aa81e4e7a42db3d2246be98247c143c770f2
SHA256

65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227
SHA512

a3918c899e527f4a6ae7e705e151c165710e42932d5a2b309a2b97d2e3356636beec9636495f4f01655859cc46d734161b4f16207ba37d9570f2b58931e13f8c
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqSLlqbs2LW7xd:hy859x0P8MaSs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3364 wrote to memory of 1944	3364	rundll32.exe	81
PID 3364 wrote to memory of 1944	3364	rundll32.exe	81
PID 3364 wrote to memory of 1944	3364	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\65bc8c0a07c0eb0bb5b356f61b0492e2148b650b4e2ef650bc33ea0abe152227.dll,#1
  2⤵
  PID:1944