f3a87f6d41ec7b7c04f8ab0098e8eef55f6df9d2a460deae7a355150c3e69540

Analysis

max time kernel
90s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 11:15

Target

f3a87f6d41ec7b7c04f8ab0098e8eef55f6df9d2a460deae7a355150c3e69540.dll
Size

137KB
MD5

686aa5d12ba701774ae388c25d9e8ca0
SHA1

292918bc012b7e28bb5bf31b56df9e979da5b75a
SHA256

f3a87f6d41ec7b7c04f8ab0098e8eef55f6df9d2a460deae7a355150c3e69540
SHA512

7f4829f2bad9d6ecce47ffdfaace3c456f26f0357ef7ef892f01ef60e85b5596fd126b48ec21386e90a4e107edf45ecbb31393fc49b467c9517d2018a0474974
SSDEEP

3072:i8wA0TMD5Dqg0yN1nvAANSw8ltWoihGCyMOLySWst+fXx00IL/:i8w6D4Kotup0LWI+f0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 5016	4936	rundll32.exe	81
PID 4936 wrote to memory of 5016	4936	rundll32.exe	81
PID 4936 wrote to memory of 5016	4936	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3a87f6d41ec7b7c04f8ab0098e8eef55f6df9d2a460deae7a355150c3e69540.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f3a87f6d41ec7b7c04f8ab0098e8eef55f6df9d2a460deae7a355150c3e69540.dll,#1
  2⤵
  PID:5016