9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 08:10

Target

9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll
Size

396KB
MD5

bc21507477e42e57e8db0fdbe968ee2a
SHA1

34e09a80749bd52caac5b853c83a8b96b84a4626
SHA256

9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad
SHA512

a9d1ca1056ec9836706f4064feee62fc42d9fa40894af4da3b23513d56754268a9a595d0bb33e0b73f489effd425d665f2038c9c499db6ec2413bfe92ef18523
SSDEEP

12288:F5k73qcAv4KSRaalT1bbTRQmGERzeh4ffBN8famTI:MrQv4tRaa91bbfGERY4fpNqaUI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 3088	4376	rundll32.exe	81
PID 4376 wrote to memory of 3088	4376	rundll32.exe	81
PID 4376 wrote to memory of 3088	4376	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9aba2ac1ac2837dfff5eb0db9a23be878d59e56806c9a8963c88995c04e7e7ad.dll,#1
  2⤵
  PID:3088