84f6200383eb66615845bedbc7d7c6c4a1b0687b8aaf8415f41d5386c358a59e

Analysis

max time kernel
198s
max time network
204s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 14:01

Target

84f6200383eb66615845bedbc7d7c6c4a1b0687b8aaf8415f41d5386c358a59e.dll
Size

16KB
MD5

797fc186192449657aecef0280b22a30
SHA1

2cb740f309970cad61f605ee2cf4fa1cdd862d17
SHA256

84f6200383eb66615845bedbc7d7c6c4a1b0687b8aaf8415f41d5386c358a59e
SHA512

d78b47debd032a7c19bdcf93e853aaf6b4952bbd27394cda0813c42c31bb0abdaa087a15881708ec1c4236503ce016be1a8a4429a6d5f8befa6960cea104d0af
SSDEEP

384:LtT0SWA7/GXmpUNn4iRZhAG4WvYwUmztjbRKf:JT0qmznB6rwUmRvRm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4120 wrote to memory of 4116	4120	rundll32.exe	81
PID 4120 wrote to memory of 4116	4120	rundll32.exe	81
PID 4120 wrote to memory of 4116	4120	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\84f6200383eb66615845bedbc7d7c6c4a1b0687b8aaf8415f41d5386c358a59e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\84f6200383eb66615845bedbc7d7c6c4a1b0687b8aaf8415f41d5386c358a59e.dll,#1
  2⤵
  PID:4116

memory/4116-133-0x0000000010000000-0x000000001000F000-memory.dmp

Filesize
60KB

Download