98c922e1c411960db91674b28cd610c942f95321cd6efbe1bcef98397ae72e34

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 09:02

Target

98c922e1c411960db91674b28cd610c942f95321cd6efbe1bcef98397ae72e34.dll
Size

144KB
MD5

c64f474c0d5f9ec4f3233a92d0c64f73
SHA1

6e0004ce7537b9066357b9dc279c1d5785073e91
SHA256

98c922e1c411960db91674b28cd610c942f95321cd6efbe1bcef98397ae72e34
SHA512

a2eb2846a81a0d6b4f67f881ebeca7396ce1a511048529e4bd564301003c6ce1a9727e908d46c65447b3db505409604d473910a60cbfe48fabff54c5c1774ddb
SSDEEP

3072:EVkVsDLBK9GvLiPyp5IYFCmpWcpp+1pZmlXk1Fq5E4O5qp5O5uc:+DLBKYj+ygCVPqpAXLk5qp88c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4700 wrote to memory of 1580	4700	rundll32.exe	82
PID 4700 wrote to memory of 1580	4700	rundll32.exe	82
PID 4700 wrote to memory of 1580	4700	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98c922e1c411960db91674b28cd610c942f95321cd6efbe1bcef98397ae72e34.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98c922e1c411960db91674b28cd610c942f95321cd6efbe1bcef98397ae72e34.dll,#1
  2⤵
  PID:1580