d39f511bc1a63f61346a703e4ecbe080def53dccec19cbfcc2539f74b44c669c

Analysis

max time kernel
291s
max time network
354s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:30

Target

d39f511bc1a63f61346a703e4ecbe080def53dccec19cbfcc2539f74b44c669c.dll
Size

42KB
MD5

0e32cd4d49109600b94e8bc04420d5c0
SHA1

2142ee9a40278c5bed274c289d155e266266602d
SHA256

d39f511bc1a63f61346a703e4ecbe080def53dccec19cbfcc2539f74b44c669c
SHA512

2d8125113fbda12bc533943021e943cf38a256de5fe651a9daddf457e10e928f37b77a360cf7099dd738843b4b575abc96aee22ad23a5ff3cadb6a9b699626b3
SSDEEP

768:5SOasEyih9crIJVjHWgzu74rKDx7fBt7RihtgcPpPJHzWBoR87+e:5SrsPe9cYXS74rKtVt7RicIdaoR87z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 4912	1324	rundll32.exe	81
PID 1324 wrote to memory of 4912	1324	rundll32.exe	81
PID 1324 wrote to memory of 4912	1324	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d39f511bc1a63f61346a703e4ecbe080def53dccec19cbfcc2539f74b44c669c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d39f511bc1a63f61346a703e4ecbe080def53dccec19cbfcc2539f74b44c669c.dll,#1
  2⤵
  PID:4912