a2f9f875a022c2bd3f1cf8e3dcdbff7e132f33f3c2c6a4dd0f2ba56bbebc01aa

Analysis

max time kernel
158s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:36

Target

a2f9f875a022c2bd3f1cf8e3dcdbff7e132f33f3c2c6a4dd0f2ba56bbebc01aa.dll
Size

5KB
MD5

ad4f53ff1af63a3fa0ba91a90b14bd20
SHA1

d9cc2e40093a49c5ecc10db1d89c2aa57aa37eb3
SHA256

a2f9f875a022c2bd3f1cf8e3dcdbff7e132f33f3c2c6a4dd0f2ba56bbebc01aa
SHA512

a1a337b0f40bac67a88294b7239edaa02232cf991d53fcfe02bc7161a5714c6324d62337e50dcfc483faf268a811443ae71d890db4e156298d7169afe96f1a5d
SSDEEP

48:a5zjMTGcITBVQVE1lcQn7GMufeCIpi3nK1mnMSx/5wEdecFQHXv:iT3Qu8gD1mMSx/5h/Q3v

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2180 wrote to memory of 1960	2180	rundll32.exe	83
PID 2180 wrote to memory of 1960	2180	rundll32.exe	83
PID 2180 wrote to memory of 1960	2180	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2f9f875a022c2bd3f1cf8e3dcdbff7e132f33f3c2c6a4dd0f2ba56bbebc01aa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a2f9f875a022c2bd3f1cf8e3dcdbff7e132f33f3c2c6a4dd0f2ba56bbebc01aa.dll,#1
  2⤵
  PID:1960