9a9a3355bdd7189ae78f5ae1583a37e0182ee6a17a1e84073fce546c9938e601

Analysis

max time kernel
147s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 08:58

Target

9a9a3355bdd7189ae78f5ae1583a37e0182ee6a17a1e84073fce546c9938e601.dll
Size

11KB
MD5

ff024bf2efe5a6d282cb9e2084c47ccf
SHA1

0641dc1213a3b51965b487e7ee1d59196ca70637
SHA256

9a9a3355bdd7189ae78f5ae1583a37e0182ee6a17a1e84073fce546c9938e601
SHA512

a2a53dde8022b07ff57ca3cd7b0a2cc7ac16737967ebd4a95a8b172e3b5947e550bcb3abba15489f81f35735e8d8aeff15a52d6449dee1f7a9ca9fa404855640
SSDEEP

192:bICV3YTxmJXGby07qSpzhXO3CUT5EfLg:bIdFaXqV7Rp1XO3CU9EfL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80
PID 3044 wrote to memory of 1324	3044	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a9a3355bdd7189ae78f5ae1583a37e0182ee6a17a1e84073fce546c9938e601.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a9a3355bdd7189ae78f5ae1583a37e0182ee6a17a1e84073fce546c9938e601.dll,#1
  2⤵
  PID:1324