44a87e9e7a9b78959e67f2042b20505911ff12537f7b9e0968aa6c0a728b573e

Analysis

max time kernel
202s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:12

Target

44a87e9e7a9b78959e67f2042b20505911ff12537f7b9e0968aa6c0a728b573e.dll
Size

42KB
MD5

5ac519c8d96cbbdeac6e7db8ac51abb9
SHA1

cdfcf10474a53493e514d5ff3ea2de7df75e6637
SHA256

44a87e9e7a9b78959e67f2042b20505911ff12537f7b9e0968aa6c0a728b573e
SHA512

1b0e5c11ddf0456b68c42cd6a7f69ac1286fb6c3086fefed81b3f93fa9f8a93286aeaaa5f6d1c466dd8f54d90c9f748bd3b9f84ff289f3d64ab60bbe23735dd9
SSDEEP

768:2LlN1HMLNMXQ0dYNkDBWsrtvxVKfEcporVOnOouNOAfxW9OLpU:2LOJMXV60BWaJKfEcp8VeXYTfdFU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 3948	3896	rundll32.exe	81
PID 3896 wrote to memory of 3948	3896	rundll32.exe	81
PID 3896 wrote to memory of 3948	3896	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44a87e9e7a9b78959e67f2042b20505911ff12537f7b9e0968aa6c0a728b573e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44a87e9e7a9b78959e67f2042b20505911ff12537f7b9e0968aa6c0a728b573e.dll,#1
  2⤵
  PID:3948