44184e2c9182f224608368d03bda966ebf8004cdaa55aaa6e55b9adc22afddcc

Analysis

max time kernel
164s
max time network
192s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:24

Target

44184e2c9182f224608368d03bda966ebf8004cdaa55aaa6e55b9adc22afddcc.dll
Size

6KB
MD5

461719075a23fc1934afdc29295e0c30
SHA1

c5c6f3ee9fbfb0fafc097980659825f780e6db2a
SHA256

44184e2c9182f224608368d03bda966ebf8004cdaa55aaa6e55b9adc22afddcc
SHA512

1a15ebe2065cc26e78d4fca2c22073f16bc61db51c47e3ae985fe513cb28c06547f6121e7c3f04a53de92e77d0bb35a1a8d3e98a8b7b869f9551af3e00c70c5c
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7endW:nGTWJGp0UZUd6378snt76W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 3424	2248	rundll32.exe	78
PID 2248 wrote to memory of 3424	2248	rundll32.exe	78
PID 2248 wrote to memory of 3424	2248	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44184e2c9182f224608368d03bda966ebf8004cdaa55aaa6e55b9adc22afddcc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44184e2c9182f224608368d03bda966ebf8004cdaa55aaa6e55b9adc22afddcc.dll,#1
  2⤵
  PID:3424