931f424f5b8796923e24c4da68d1da062fcc122f608c74359cbefd76801a1ca3

Analysis

max time kernel
92s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 00:37

Target

931f424f5b8796923e24c4da68d1da062fcc122f608c74359cbefd76801a1ca3.dll
Size

6KB
MD5

a161778f4ab31ed65c5ff7bc7542ee50
SHA1

0df875d902d338015a2426db362ff294a3f53c84
SHA256

931f424f5b8796923e24c4da68d1da062fcc122f608c74359cbefd76801a1ca3
SHA512

2de8ba81abfd5f0fedc05d6759de78413032e0f3b0bdb1c447ed8eef109a54509ca909b4096875dc02a67736d14907159aeec7bed0782f77d64227ca87e914f6
SSDEEP

96:nGTKrYJyJ5gT9jXk9eXWI/n9e1r/CVd7p0jsnmUD7D78kR:nGTWJGp0UZUd6378snt7UkR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1632 wrote to memory of 4084	1632	rundll32.exe	78
PID 1632 wrote to memory of 4084	1632	rundll32.exe	78
PID 1632 wrote to memory of 4084	1632	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\931f424f5b8796923e24c4da68d1da062fcc122f608c74359cbefd76801a1ca3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\931f424f5b8796923e24c4da68d1da062fcc122f608c74359cbefd76801a1ca3.dll,#1
  2⤵
  PID:4084