4fb6488c740207b93cc67a4f4f2ad2ea3d3553f23c2a60b4e05ef9c5cebf4b66

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:34

Target

4fb6488c740207b93cc67a4f4f2ad2ea3d3553f23c2a60b4e05ef9c5cebf4b66.dll
Size

6KB
MD5

a1c38d87af01f2c8729632106d734d90
SHA1

7af68801f58d239930f31f592170f1206737c61d
SHA256

4fb6488c740207b93cc67a4f4f2ad2ea3d3553f23c2a60b4e05ef9c5cebf4b66
SHA512

25a9c43beec7a4598fca11cab45e0de696be78063b7dd0e220401cf53dba4cbc8da9d407c9ba06babb82a29c95de2860321d7ba4c67fee0bc9262bed93448535
SSDEEP

48:Ss0vOiamaF9wJqkECrhWR00scqn6dXzqyZn6w4hlUfpIr2K+h/6dVYD:z0I9wZLrY0/S+s94hlttTYD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4188 wrote to memory of 5104	4188	rundll32.exe	81
PID 4188 wrote to memory of 5104	4188	rundll32.exe	81
PID 4188 wrote to memory of 5104	4188	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fb6488c740207b93cc67a4f4f2ad2ea3d3553f23c2a60b4e05ef9c5cebf4b66.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fb6488c740207b93cc67a4f4f2ad2ea3d3553f23c2a60b4e05ef9c5cebf4b66.dll,#1
  2⤵
  PID:5104