3124e654fb31bc891e5e190b62fb0bdf4ab77c50e46fac996134e2bba7786880

Analysis

max time kernel
138s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 03:20

Target

3124e654fb31bc891e5e190b62fb0bdf4ab77c50e46fac996134e2bba7786880.dll
Size

63KB
MD5

59e58ae0f6659042dc0c53b20a908060
SHA1

249d151223e25ffa2e9c2e9f61ee2ecddff670f8
SHA256

3124e654fb31bc891e5e190b62fb0bdf4ab77c50e46fac996134e2bba7786880
SHA512

d50d60f9f549dc122469dd691f8e78c1706f96ce633242078681fb0b5b93c598d66e7979ebf6e98ce3c7807f7aea6d1e265b2e5d4af664a9a536dae0607a4df7
SSDEEP

1536:4sKXEPSsedx9Om+Q4UMRqgITdfgAKXykmcmNh2xus5M:NHCEQ6wx1gAKXV+NhET5M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4452 wrote to memory of 964	4452	rundll32.exe	84
PID 4452 wrote to memory of 964	4452	rundll32.exe	84
PID 4452 wrote to memory of 964	4452	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3124e654fb31bc891e5e190b62fb0bdf4ab77c50e46fac996134e2bba7786880.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3124e654fb31bc891e5e190b62fb0bdf4ab77c50e46fac996134e2bba7786880.dll,#1
  2⤵
  PID:964