57c91b9859f056399acb0c4df64466fa026a6e4d33e8b496349f5a4df5fe2808

Analysis

max time kernel
159s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 01:58

Target

57c91b9859f056399acb0c4df64466fa026a6e4d33e8b496349f5a4df5fe2808.dll
Size

33KB
MD5

b313374f333c9eb47eaf1e7b312d3b20
SHA1

5ffe94d4de787a1e0452d2d8754cc108dd6324dd
SHA256

57c91b9859f056399acb0c4df64466fa026a6e4d33e8b496349f5a4df5fe2808
SHA512

4215f478135b31253c1df125db858fae5ecbae424a22dd5de296c792c66c3c502ed735dd461ab5d46eb7ca8a508fbd1aecfde60214a10d187c200a05524c0ef4
SSDEEP

768:OOsLdwWpo5YPa1kHNNv7orpGhB7cOplvRs5:3sLdcYPxt17orpGYUvR2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1752 wrote to memory of 3112	1752	rundll32.exe	83
PID 1752 wrote to memory of 3112	1752	rundll32.exe	83
PID 1752 wrote to memory of 3112	1752	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c91b9859f056399acb0c4df64466fa026a6e4d33e8b496349f5a4df5fe2808.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1752
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\57c91b9859f056399acb0c4df64466fa026a6e4d33e8b496349f5a4df5fe2808.dll,#1
  2⤵
  PID:3112