f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:29

Target

f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll
Size

56KB
MD5

6e72520a70b1b051de58366d1aa236a0
SHA1

97e4c6f1806d621a44d24dddaa2f7e2dbaf81e6e
SHA256

f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d
SHA512

c60b9d4ea3dbcb821f4a48ff3b42bcdf777df4de3577c2df348f69921a541a7eecfe3573baf36a58977db9edd18776a5b22401f1407bc0310a9a2f9794d8a657
SSDEEP

1536:kjRUjsK3W8jkG3TaBrGqNwa8n0wZkXzt+JSJ91gLV:kF2sK7gG3TaBCqGLrSkc91MV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80
PID 4804 wrote to memory of 4856	4804	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a5065dd4a162bf3a5d91e7521bb89ac2b6379d7e7abe1ad8e70e143289338d.dll,#1
  2⤵
  PID:4856