64d8a6219d33d443fe60b811773e93bc561c15a558cec359ade8b51eebd7be69

Analysis

max time kernel
91s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:35

Target

64d8a6219d33d443fe60b811773e93bc561c15a558cec359ade8b51eebd7be69.dll
Size

42KB
MD5

3ac78fb2317e9ae027ca9e695fe14770
SHA1

5da08ced46a25b5b4b3b09a8eadcb63a277273b6
SHA256

64d8a6219d33d443fe60b811773e93bc561c15a558cec359ade8b51eebd7be69
SHA512

f988f2c5d4a12b7b3f89d9742367899f87bef0b440eb4401ec0d4add2cd0f4d6064145f30d081a6e4535e88c5037244c89b156a72e3d14ee691c75b00d1bc9f5
SSDEEP

768:VlAqQidiEgzdbkpjhWToENNqDKt76mr7TKttBro7PpPJdTWBnRECriM:fA/6bgzB0FENNqCFr7TKJroBLanREC/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2292 wrote to memory of 3124	2292	rundll32.exe	81
PID 2292 wrote to memory of 3124	2292	rundll32.exe	81
PID 2292 wrote to memory of 3124	2292	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d8a6219d33d443fe60b811773e93bc561c15a558cec359ade8b51eebd7be69.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2292
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\64d8a6219d33d443fe60b811773e93bc561c15a558cec359ade8b51eebd7be69.dll,#1
  2⤵
  PID:3124