d16ca08542095c7d6854b9f4b3d6b651889efd2f292e659deee12fd912ab9a9a

Analysis

max time kernel
204s
max time network
214s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 23:53

Target

d16ca08542095c7d6854b9f4b3d6b651889efd2f292e659deee12fd912ab9a9a.dll
Size

6KB
MD5

7e578809c17172c71ebfde145aeca000
SHA1

f8ea5cf612aa7108b95fe3d2fadfd5529afa2437
SHA256

d16ca08542095c7d6854b9f4b3d6b651889efd2f292e659deee12fd912ab9a9a
SHA512

294dd242b7db4f9d6b29256c66ebc6149c144bf75cdb9e03187b325e69d6a4fefc4e994fc4b75521bd5502e214dad4753cdad31c495bce9e1a3cd6adb80e7caa
SSDEEP

96:juNrYuJ59oAwGQUI/TQahtCl8X3pSHnmnD71gK0PO07J:juLJ/oAdQPQa2aeng7e207J

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 2836	4168	rundll32.exe	81
PID 4168 wrote to memory of 2836	4168	rundll32.exe	81
PID 4168 wrote to memory of 2836	4168	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d16ca08542095c7d6854b9f4b3d6b651889efd2f292e659deee12fd912ab9a9a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d16ca08542095c7d6854b9f4b3d6b651889efd2f292e659deee12fd912ab9a9a.dll,#1
  2⤵
  PID:2836