a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9

Analysis

max time kernel
91s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 10:33

Target

a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll
Size

5KB
MD5

a08e2afc9688d27f6a971b98e3726ed0
SHA1

8e642e97178931b99ce34234cf7b4badac2ee917
SHA256

a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9
SHA512

06b9bd45fc3837d2991faff56a64771ca055f82e964c5ecf6f1ec1218acfea36b09cf324e8fa25b8458b97f04b63bc940b1e05caa67822e0bac820acc329684a
SSDEEP

96:R6Di6iiGIaXowjJj8KE7milmQ1k6GsvvV0DB5UVMecBsSDo4l4k0cWPBH:R6+a1eSK+VSDcmFRc5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81
PID 1688 wrote to memory of 4804	1688	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a149cab12d0de3cf1210526c7f9375dde0505889a840c3f640829ec4a4ad5fd9.dll,#1
  2⤵
  PID:4804