79421c119b0fb6d9c0d7973cb72055ef27ef6d50fec3394534f305c0001674fb

Analysis

max time kernel
159s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:22

Target

79421c119b0fb6d9c0d7973cb72055ef27ef6d50fec3394534f305c0001674fb.dll
Size

4KB
MD5

fba9ea6ac3175eb585cff31cad011a80
SHA1

ccabd12ea46ab6957b97aa164e304c2273c393ee
SHA256

79421c119b0fb6d9c0d7973cb72055ef27ef6d50fec3394534f305c0001674fb
SHA512

5e31396af9570460973461665163aa24bc18be3009b14567297c6e4c9e1d6126de28c4ffd36310eb616dee60575fc99e47bf6e16fac489998448fb9d90e0605e
SSDEEP

24:e1GSYL3CeLA9/kPVCRVtc44MnXz+iM2u8kypgyXwVQwA3HdQz7uPgqUYtWf4jipF:SKLA9oyTnXz+ihZjumtQ1k6U3uzMUr/P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1472 wrote to memory of 4616	1472	rundll32.exe	81
PID 1472 wrote to memory of 4616	1472	rundll32.exe	81
PID 1472 wrote to memory of 4616	1472	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79421c119b0fb6d9c0d7973cb72055ef27ef6d50fec3394534f305c0001674fb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1472
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\79421c119b0fb6d9c0d7973cb72055ef27ef6d50fec3394534f305c0001674fb.dll,#1
  2⤵
  PID:4616