4fad5528259a4699ce900a679c3a537558cf7b1d0873f983a5f234861ec43344

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:24

Target

4fad5528259a4699ce900a679c3a537558cf7b1d0873f983a5f234861ec43344.dll
Size

47KB
MD5

f83c44f79e180b65cdd1cd9002d7d130
SHA1

57b02ea21007c49cc39067f057e146ee981f04cb
SHA256

4fad5528259a4699ce900a679c3a537558cf7b1d0873f983a5f234861ec43344
SHA512

50629f121702d7f7d0f5b3666aa60b80ac3d527e1c6f18b9bd1ed6b33a51b80019cced4dbfd27feb7f9e04d833821067c8f4171ed5b49f738ec27305d2e51a23
SSDEEP

768:z3OHS8KOzWve5/bTzjVKvPM5KFtukKuGmOcPpkKy4zfrsfOIcvzcHOPi+jU:yHZ6vMnzjVK3Mi4XC5kYvzDaAU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1284 wrote to memory of 4880	1284	rundll32.exe	81
PID 1284 wrote to memory of 4880	1284	rundll32.exe	81
PID 1284 wrote to memory of 4880	1284	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fad5528259a4699ce900a679c3a537558cf7b1d0873f983a5f234861ec43344.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4fad5528259a4699ce900a679c3a537558cf7b1d0873f983a5f234861ec43344.dll,#1
  2⤵
  PID:4880