699a52e5de7c393848a5c2ddfbeaee85103e9398a78ef10fb8eb8686b5f02bf4

Analysis

max time kernel
116s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 23:50

Target

699a52e5de7c393848a5c2ddfbeaee85103e9398a78ef10fb8eb8686b5f02bf4.dll
Size

4KB
MD5

fa8d2112e8a96ce6a93651a7994b2ae0
SHA1

d9137778af615de9d02658ca9cd2536564f50fd7
SHA256

699a52e5de7c393848a5c2ddfbeaee85103e9398a78ef10fb8eb8686b5f02bf4
SHA512

30bc1b9e13afd3c8e916e5b7754764acc5944e72a874236e30a6e7d4500acea45d6167e5353d59418e52e927c0f3de0eb74d79cfc0481d1f4b88da32924846a8
SSDEEP

48:qHupGeMcCB96DrhWHR0FiIsipZlM+u+eAPMDQHpyuLv6omcUYDay:PMXB0rw0MI/pwbd0UWT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 3820	5080	rundll32.exe	80
PID 5080 wrote to memory of 3820	5080	rundll32.exe	80
PID 5080 wrote to memory of 3820	5080	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\699a52e5de7c393848a5c2ddfbeaee85103e9398a78ef10fb8eb8686b5f02bf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\699a52e5de7c393848a5c2ddfbeaee85103e9398a78ef10fb8eb8686b5f02bf4.dll,#1
  2⤵
  PID:3820