de93d25b0fa54dfc295b1eb7bee0f6c1ff5b4d3a6a84afb24b7f4c7d8d83a926

Analysis

max time kernel
112s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 02:05

Target

de93d25b0fa54dfc295b1eb7bee0f6c1ff5b4d3a6a84afb24b7f4c7d8d83a926.dll
Size

36KB
MD5

51e744c55d50d83cbeb837a6b49d3610
SHA1

13a930e95bae878eb91866e4bb98806994bb5578
SHA256

de93d25b0fa54dfc295b1eb7bee0f6c1ff5b4d3a6a84afb24b7f4c7d8d83a926
SHA512

7f70b00e5589c188e2df27f384748b3efe467f2b07b996e23c3fa7458c49e1ee07fc3b6642233908cfe088716b63028f2ad756068ba6b31b9c2618f82821cf85
SSDEEP

768:MT1BNCkK5gVGxlaZql9J1oT1cIg7/fO3+a5hCDKR4plx85/t:InNCl5X/J12y5736+4QWR4pzUV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80
PID 2200 wrote to memory of 388	2200	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\de93d25b0fa54dfc295b1eb7bee0f6c1ff5b4d3a6a84afb24b7f4c7d8d83a926.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\de93d25b0fa54dfc295b1eb7bee0f6c1ff5b4d3a6a84afb24b7f4c7d8d83a926.dll,#1
  2⤵
  PID:388