9f09f7a7b13f3dd9344ef11f7cb1fe46ca9af91778c85c76292040e117c18127

Analysis

max time kernel
82s
max time network
132s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 08:49

Target

9f09f7a7b13f3dd9344ef11f7cb1fe46ca9af91778c85c76292040e117c18127.dll
Size

70KB
MD5

edf2c5b157b957e603305a4ecd1292ed
SHA1

f110b891dfc1ef0ee8dfcc2f798f9ee054b9bb87
SHA256

9f09f7a7b13f3dd9344ef11f7cb1fe46ca9af91778c85c76292040e117c18127
SHA512

ff25a93dfc7b4b7614374e0210d3f20f24be7f95a629bc975ef0db82c3b54ec64b080938a3feb505efb626d6a2105a63111804b3f1541326925d4da2a87d3272
SSDEEP

1536:F05nIrdaSb5zlVxQICCcZOAK02KLxgBoI3nzhu1jQQmaOjKuL6:25IZaMzlVzhnnyCBoIkUEOOuL6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 1316	1772	rundll32.exe	84
PID 1772 wrote to memory of 1316	1772	rundll32.exe	84
PID 1772 wrote to memory of 1316	1772	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f09f7a7b13f3dd9344ef11f7cb1fe46ca9af91778c85c76292040e117c18127.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9f09f7a7b13f3dd9344ef11f7cb1fe46ca9af91778c85c76292040e117c18127.dll,#1
  2⤵
  PID:1316