091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59

Analysis

max time kernel
151s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05-12-2022 11:28

Target

091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll
Size

6KB
MD5

c494db1999e70e9eef79a900d5503780
SHA1

01aa37dc020a77ee65ffafde5746f0fa96c3d369
SHA256

091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59
SHA512

c536e985f138fd3ea2ddfaf0270935a0ca16884149d7aee5b9fc9371599cc905645fb74502b8214261e28015ede2dc7f30218f7b269e85f803049b7f39531e36
SSDEEP

96:nEY2RrF1eqwi4XAufF+Aywx0TofswcFxIue3EjrYpCNyi1a:EHRh1eppwy30Fw7ujjryCYi1a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3964 wrote to memory of 4868	3964	rundll32.exe	84
PID 3964 wrote to memory of 4868	3964	rundll32.exe	84
PID 3964 wrote to memory of 4868	3964	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3964
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\091123894fc13d64b31fe9de2a45640e40efc805426638a33243f3818046cc59.dll,#1
  2⤵
  PID:4868