c70dbd78158731d376827cd48ea91c3453d79d357a36b5c3f397fd5e1f49f381

Analysis

max time kernel
163s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 17:50

Target

c70dbd78158731d376827cd48ea91c3453d79d357a36b5c3f397fd5e1f49f381.dll
Size

7KB
MD5

2b854955730bcd532754065e395c34c0
SHA1

adf43b85605ad2540a488e92efece4bbcd2f4b4b
SHA256

c70dbd78158731d376827cd48ea91c3453d79d357a36b5c3f397fd5e1f49f381
SHA512

9c6bb676820bc7f2f9d1d2adbf07338b3b673f1d5df362b7859f27b2981daabca9a8353a06116d5f091ac6a4e298c8bb2d60bce613e55329bc42513233d76b56
SSDEEP

48:Ss0ib323grztJrhWRHnVjG5a4Uh+cxDws1uRu2xfgkD7kSCbS5uSob5yxYb5VUoD:z0JgPtJrYHVjGwd+SP0vNRDpk4xrr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2200 wrote to memory of 4260	2200	rundll32.exe	81
PID 2200 wrote to memory of 4260	2200	rundll32.exe	81
PID 2200 wrote to memory of 4260	2200	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c70dbd78158731d376827cd48ea91c3453d79d357a36b5c3f397fd5e1f49f381.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2200
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c70dbd78158731d376827cd48ea91c3453d79d357a36b5c3f397fd5e1f49f381.dll,#1
  2⤵
  PID:4260