94c92f0d3d4b57e9a257dd0febda06fe4c7469320a704652dda0fc927de9e809

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 12:07

Target

94c92f0d3d4b57e9a257dd0febda06fe4c7469320a704652dda0fc927de9e809.dll
Size

32KB
MD5

4e4371f0232842e5a7f05ccfb2500a41
SHA1

8994e894f33f66fe2b1c41c17d17663e52c07ac1
SHA256

94c92f0d3d4b57e9a257dd0febda06fe4c7469320a704652dda0fc927de9e809
SHA512

95452ec9f76c3060938700cfa26f83b453391fe4f2bebfdd48737a54168b01cc8a5c3b73efab76d87dfa9ce618f10f8df1c47766b871bc2af82d1349bcf0d7dd
SSDEEP

384:97kEhlKQWYE8Sljwxt3Zd5ax9ZQ3sV/3EzJnxdxkraGU6CF+E:9JKdQt3ZdWV/OnxQyME

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4884 wrote to memory of 532	4884	rundll32.exe	81
PID 4884 wrote to memory of 532	4884	rundll32.exe	81
PID 4884 wrote to memory of 532	4884	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\94c92f0d3d4b57e9a257dd0febda06fe4c7469320a704652dda0fc927de9e809.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4884
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\94c92f0d3d4b57e9a257dd0febda06fe4c7469320a704652dda0fc927de9e809.dll,#1
  2⤵
  PID:532