f1dc7a6f52b1caf67a0b4f2f54be84fc76e8f7b5b91469ef81355b2611e0f899

Analysis

max time kernel
135s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 04:00

Target

f1dc7a6f52b1caf67a0b4f2f54be84fc76e8f7b5b91469ef81355b2611e0f899.dll
Size

75KB
MD5

3adf8e8896f23fa9085f9e4369fca60c
SHA1

e403f60a2d3b29c3ce8cb7d6901c410f6f49f69d
SHA256

f1dc7a6f52b1caf67a0b4f2f54be84fc76e8f7b5b91469ef81355b2611e0f899
SHA512

f55cc99a926c501c011aaf44cb317d2cc1e19a3412ddb951a3b5931efc4ad5ee771e7529c8ee1a9cbe5b7ef8e32d8afa4dc15e2751c5ba7452da8aa1c54ab9e0
SSDEEP

1536:1zExMwCGQ2jHoF09nVUCdlHWPwcgwf+I42ut3Q7Iq6kYAy4qzJ:1I+wCGvrrDUSllwGI42uBBf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1800 wrote to memory of 1936	1800	rundll32.exe	79
PID 1800 wrote to memory of 1936	1800	rundll32.exe	79
PID 1800 wrote to memory of 1936	1800	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1dc7a6f52b1caf67a0b4f2f54be84fc76e8f7b5b91469ef81355b2611e0f899.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f1dc7a6f52b1caf67a0b4f2f54be84fc76e8f7b5b91469ef81355b2611e0f899.dll,#1
  2⤵
  PID:1936