4378038b6f6a359ba7b8bbec6d175e9243f11985bcf8921fbbefca99975e2916

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 03:27

Target

4378038b6f6a359ba7b8bbec6d175e9243f11985bcf8921fbbefca99975e2916.dll
Size

49KB
MD5

6d0f8d330b6055169cd0f8da269c4d90
SHA1

3fd8fccf39d6fa2a23b8ed015c4798c2a156aa15
SHA256

4378038b6f6a359ba7b8bbec6d175e9243f11985bcf8921fbbefca99975e2916
SHA512

308717f20abbac18aa8c8364d2fdd4c8f76de456768098e5423022886ab8ccbd465186c1c306385917b7f52baffe9ed21906534f188dd8fd878adc3c6eec5b91
SSDEEP

1536:mPO6KEVbsVP0gmQPZFafni9UBns8UBjJd900w:cMEVbsVcpQP4ni9UR3UBjJ/00w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4648 wrote to memory of 3524	4648	rundll32.exe	80
PID 4648 wrote to memory of 3524	4648	rundll32.exe	80
PID 4648 wrote to memory of 3524	4648	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4378038b6f6a359ba7b8bbec6d175e9243f11985bcf8921fbbefca99975e2916.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4378038b6f6a359ba7b8bbec6d175e9243f11985bcf8921fbbefca99975e2916.dll,#1
  2⤵
  PID:3524