d161f989d095d0d76bfbcf2b7911f445f90e4f92fa50067f188343fc0e6917ba

Analysis

max time kernel
143s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 04:52

Target

d161f989d095d0d76bfbcf2b7911f445f90e4f92fa50067f188343fc0e6917ba.dll
Size

148KB
MD5

c69e0c555f0d4b33a4496c7b7fc678f0
SHA1

1b439a5847b7fc9403e10433184550b258724298
SHA256

d161f989d095d0d76bfbcf2b7911f445f90e4f92fa50067f188343fc0e6917ba
SHA512

4ae0bc76ebebb7c17b0ddc3392e2b0d7ea4e1d3aa7cfab0ecce30cc0eacbfaff9f274593b723d39713d829f5381a70470d4e5f61f179195b8e6a8ac1a3e71aee
SSDEEP

3072:Bj8RZ1CxofJJN3a4KUtM6MAUBwxy70zKZhorHlgMxtiSSJE2RK0IUK:BO17VbvXAVgu3tK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2964 wrote to memory of 4476	2964	rundll32.exe	83
PID 2964 wrote to memory of 4476	2964	rundll32.exe	83
PID 2964 wrote to memory of 4476	2964	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d161f989d095d0d76bfbcf2b7911f445f90e4f92fa50067f188343fc0e6917ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d161f989d095d0d76bfbcf2b7911f445f90e4f92fa50067f188343fc0e6917ba.dll,#1
  2⤵
  PID:4476