93d0407e8bb70b4d7a86cdd96f79d627a1f5efc759f4390751dd24c360d75eac

Analysis

max time kernel
159s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 21:57

Target

93d0407e8bb70b4d7a86cdd96f79d627a1f5efc759f4390751dd24c360d75eac.dll
Size

41KB
MD5

2bd7575c0fdc0510218bba92e9d4285d
SHA1

54029578db967dbdf841be5059b5c9f58d90ac79
SHA256

93d0407e8bb70b4d7a86cdd96f79d627a1f5efc759f4390751dd24c360d75eac
SHA512

45ea9dc74814cb17f8dca93e008254e4fa2a8a905c1c9bdaba4efb007e05c626efbfc90c5a6735d6829a2ee18268ee7d6f62e4fb0f40862860b9b9af5782ad3f
SSDEEP

768:0qFJ/shnsOLJoxA9U7g/cb77iQS6NYPprJkfWBORiZa7:0qcnsOL+r7gS77ixLaaORiZO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1900 wrote to memory of 2240	1900	rundll32.exe	80
PID 1900 wrote to memory of 2240	1900	rundll32.exe	80
PID 1900 wrote to memory of 2240	1900	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\93d0407e8bb70b4d7a86cdd96f79d627a1f5efc759f4390751dd24c360d75eac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\93d0407e8bb70b4d7a86cdd96f79d627a1f5efc759f4390751dd24c360d75eac.dll,#1
  2⤵
  PID:2240