9444dc1cf2c63ba2546cf581845c7625adc01e2911a62cebbc6ff8f0315d777a

Analysis

max time kernel
143s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 06:33

Target

9444dc1cf2c63ba2546cf581845c7625adc01e2911a62cebbc6ff8f0315d777a.dll
Size

37KB
MD5

4bdd589d1eda92b1bf6c59b3d959ba10
SHA1

02ad8249325aa59c95c70fc0adad10a6dbe9ca7f
SHA256

9444dc1cf2c63ba2546cf581845c7625adc01e2911a62cebbc6ff8f0315d777a
SHA512

42aca8aa429746db8d64a111f8696368d31d2422be8f3dff91dbb78c3f7c32a0b41a1bd77921325fa77373b02c7c6439d15fe1ba02c625462d27a412cc804403
SSDEEP

768:ItoC8iTBGo571TseLK97sXBj2rB8oZ7u4T:YqiTBG8pAP7ICqo9NT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 5092	3876	rundll32.exe	80
PID 3876 wrote to memory of 5092	3876	rundll32.exe	80
PID 3876 wrote to memory of 5092	3876	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9444dc1cf2c63ba2546cf581845c7625adc01e2911a62cebbc6ff8f0315d777a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9444dc1cf2c63ba2546cf581845c7625adc01e2911a62cebbc6ff8f0315d777a.dll,#1
  2⤵
  PID:5092