a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c

Analysis

max time kernel
198s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 08:07

Target

a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll
Size

44KB
MD5

cca444ea4df4c4d9ae0c44472b5f8104
SHA1

6acc2d9da1b78546a70ae6b12ec63f6ec191c1b3
SHA256

a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c
SHA512

86505e40c5284926049763139d10efac6e7787a15efbb4418e54e99d0b1da12e90b339ca6b7e64936469a1502c63e2d3b47b7bb5eef7864b67862a5c17b9ac9b
SSDEEP

384:+2y6K867Tn9i6+Xiyo07PEWUJOoH8HoI0I/YDrtuSAPcWPnovgULnYHK3GcsT:H967Tn91+SjXQoHy7YDrtiPnom5

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2244 wrote to memory of 3900	2244	rundll32.exe	82
PID 2244 wrote to memory of 3900	2244	rundll32.exe	82
PID 2244 wrote to memory of 3900	2244	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2244
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a4f9bb5d2c4d64d47fe4302452c4ce960e69984ba2c2d68481b549c4c9b5ca7c.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3900