a489af24e374896ccffc50da15636b225ab4f8a59afd664eb955058cf1ea756a

Analysis

max time kernel
172s
max time network
184s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:53

Target

a489af24e374896ccffc50da15636b225ab4f8a59afd664eb955058cf1ea756a.dll
Size

44KB
MD5

8b50cda8c5b3fb48416d8c15c34bfaca
SHA1

13bb52e139512e731dbdf16aedc8ea863c3d9ea0
SHA256

a489af24e374896ccffc50da15636b225ab4f8a59afd664eb955058cf1ea756a
SHA512

2c0721a2219fd3e6236d9f19c68e36c0d48090015561d4d2c1a3c8102549f468ed07915f9be6314e30459413f98e8ad32736d461751dccb239f9b12fb4574091
SSDEEP

768:qCAq0FszI1jtpXVBLLKRSux1ye4+SJiMZbfs7OHQawPWliFR3:NAq0FsktFBLa1yDfrsXlp3

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1800	2016	rundll32.exe	73
PID 2016 wrote to memory of 1800	2016	rundll32.exe	73
PID 2016 wrote to memory of 1800	2016	rundll32.exe	73

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a489af24e374896ccffc50da15636b225ab4f8a59afd664eb955058cf1ea756a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a489af24e374896ccffc50da15636b225ab4f8a59afd664eb955058cf1ea756a.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1800