7921b368d6a508ed6878c464930a0087cfe6a8919dab5f8c5552a73e6ac5b57d

Analysis

max time kernel
188s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:22

Target

7921b368d6a508ed6878c464930a0087cfe6a8919dab5f8c5552a73e6ac5b57d.dll
Size

5KB
MD5

e74bc55a3f50b3f8cfb86768bf3115c0
SHA1

ff3538a63be7c188762a3189a079bca7e41342d2
SHA256

7921b368d6a508ed6878c464930a0087cfe6a8919dab5f8c5552a73e6ac5b57d
SHA512

8d3f334d9ecfbf9bafba9e55ebbacb0d5672ac318ec1d7546e348af856e81f9a24fcc92b2e9d919567ea1e57baa07c32a593ee4aacbda4d4bdbb3e08338f5af3
SSDEEP

48:C6Vo9HBok7lYa92RranDBetlG9MgI3Pe022SagvAz6DmfibOYq9kGrNIBOVi98M6:nI2RrUeqod2jvAzEUYUkGqBOVxHY2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1068 wrote to memory of 780	1068	rundll32.exe	80
PID 1068 wrote to memory of 780	1068	rundll32.exe	80
PID 1068 wrote to memory of 780	1068	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7921b368d6a508ed6878c464930a0087cfe6a8919dab5f8c5552a73e6ac5b57d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7921b368d6a508ed6878c464930a0087cfe6a8919dab5f8c5552a73e6ac5b57d.dll,#1
  2⤵
  PID:780