c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca

Analysis

max time kernel
155s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 14:31

Target

c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll
Size

7KB
MD5

b9e3b76bf12f0baa68c54efd2ec36a60
SHA1

4786d4a9d8d8663f7682119cee76845ce40de717
SHA256

c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca
SHA512

7496cddc502e3866e6d6ff65aee51cfc4b577960bd7d8b477bd87a750a2495e9346ebcb358b044e5232dad960eb114fe4ebc19301efab2b94e7b9a8d59b9320e
SSDEEP

96:z0WgPtJrYHVjGwd+SPgOPRKe08GBJanzqgnYVbFPnveFPapgI2XLO:SoiS+OPRKp8X+gsBGVayLO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1084 wrote to memory of 536	1084	rundll32.exe	80
PID 1084 wrote to memory of 536	1084	rundll32.exe	80
PID 1084 wrote to memory of 536	1084	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c61599f95c0f91375d800bd7b8a0d956e0f199ccc54f945b5c00f960a09a2bca.dll,#1
  2⤵
  PID:536