d090fd08cd9adc5e4a56eb3db6951ccb21f5c3bec98bbbcab6eb609e08573833

Analysis

max time kernel
123s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 16:24

Target

d090fd08cd9adc5e4a56eb3db6951ccb21f5c3bec98bbbcab6eb609e08573833.dll
Size

144KB
MD5

dbf9410f2c1bef525681c3290ac9b664
SHA1

54b8e32459979095b9e058605a2bbdcf8d8f9418
SHA256

d090fd08cd9adc5e4a56eb3db6951ccb21f5c3bec98bbbcab6eb609e08573833
SHA512

5ba29206f03370bbd26bcfb82ec7492e7be086fd600079f49419156a3f953983e790eb2b0f5b3bcbdd8c0c5d4d6d0e1d79e4ee24b7e3a5af944fe8bf127c7330
SSDEEP

3072:gXDThSYGx8GuUJceshiiNJvX+o3vM9N6jREwIm991tQ:gHhSr8RUJs4mvSNMRpIm9Lt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4972 wrote to memory of 5008	4972	rundll32.exe	82
PID 4972 wrote to memory of 5008	4972	rundll32.exe	82
PID 4972 wrote to memory of 5008	4972	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d090fd08cd9adc5e4a56eb3db6951ccb21f5c3bec98bbbcab6eb609e08573833.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4972
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d090fd08cd9adc5e4a56eb3db6951ccb21f5c3bec98bbbcab6eb609e08573833.dll,#1
  2⤵
  PID:5008