d216783bd3cf5bfcb0aa7330642414540067a8aca8945f9ad4fb9b988cfa1742

Analysis

max time kernel
191s
max time network
209s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 12:30

Target

d216783bd3cf5bfcb0aa7330642414540067a8aca8945f9ad4fb9b988cfa1742.dll
Size

33KB
MD5

a01a1c3d93aa5ab76b04a5af7876f3e1
SHA1

a595e96b2bd89343c16d15c5f4b76afcb0f5e3a9
SHA256

d216783bd3cf5bfcb0aa7330642414540067a8aca8945f9ad4fb9b988cfa1742
SHA512

9124a025615c8d8573a7aa3e9bec134a00c2fe22367aca3e02a747cb74f37f0394fb47dfbd1c16da3933d92cce94cfb50bbb87e18164b71fdf5d6725b7e70d0c
SSDEEP

768:NH1vfnnoOPQmIPWW75khYOj6eqOq6FR7Sue:NVvPn0mI575khYOjoSR7Sue

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 2380	4800	rundll32.exe	79
PID 4800 wrote to memory of 2380	4800	rundll32.exe	79
PID 4800 wrote to memory of 2380	4800	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d216783bd3cf5bfcb0aa7330642414540067a8aca8945f9ad4fb9b988cfa1742.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d216783bd3cf5bfcb0aa7330642414540067a8aca8945f9ad4fb9b988cfa1742.dll,#1
  2⤵
  PID:2380