76802b01962842534cd0e93878bb1a2b12cc7d6d81f03afcc102dcaee7c64f90

Analysis

max time kernel
103s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 03:18

Target

76802b01962842534cd0e93878bb1a2b12cc7d6d81f03afcc102dcaee7c64f90.dll
Size

61KB
MD5

6aba3a5356b8e63a609bf230c56691a4
SHA1

3c53169cc3f1bb31aa7e3f893dbd0c7441bfc52d
SHA256

76802b01962842534cd0e93878bb1a2b12cc7d6d81f03afcc102dcaee7c64f90
SHA512

e8cf100a369dbad38c74e96f7eec12d9b950a64420d3316bbf7381d6cf349f8f7c925effdd247cb1d98760bc828504e2fd66d18ea459260c78f8246b46de064a
SSDEEP

1536:yHZ2OoCCAQLZWYSUkc2TGRFYvMB5DQZc7ciCsxLCzk/RZg2w:yHIDL8YSUkVGFdHdLEk/R/w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 3540	3796	rundll32.exe	82
PID 3796 wrote to memory of 3540	3796	rundll32.exe	82
PID 3796 wrote to memory of 3540	3796	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\76802b01962842534cd0e93878bb1a2b12cc7d6d81f03afcc102dcaee7c64f90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\76802b01962842534cd0e93878bb1a2b12cc7d6d81f03afcc102dcaee7c64f90.dll,#1
  2⤵
  PID:3540