aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89

Analysis

max time kernel
329s
max time network
383s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 09:23

Target

aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll
Size

72KB
MD5

0f5739034ff0fc0331c9ad49f1205eec
SHA1

4f9a1f014d366173623efae0eff0df10e182c3ac
SHA256

aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89
SHA512

1f67342aa3e20278951983b2cc6f1f76d98253341acd25b9235f7033ad42c81d1fe5d55759aeece026e34c9f5ea92f58abeaf6a798a81ede59d42fc3fc71ae49
SSDEEP

1536:QUPMadZgQ24x/tCcgQFPvXGNRfWlAPClJO:QT8KQ2K/txrt2NNClJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 620 wrote to memory of 4452	620	rundll32.exe	78
PID 620 wrote to memory of 4452	620	rundll32.exe	78
PID 620 wrote to memory of 4452	620	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\aba1ae637cf1151ae503a33962cc974bfd21140472d820d102b563a0b80f8a89.dll,#1
  2⤵
  PID:4452