c59a7cb6c8bc4349bf22e43712e6957d7c12e10cdf1383747b740b5fa916882d

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 21:15

Target

c59a7cb6c8bc4349bf22e43712e6957d7c12e10cdf1383747b740b5fa916882d.dll
Size

128KB
MD5

396d25346cf8f5868d2ab2bd438134cb
SHA1

0ad6fb95f6e5e956d0e735954db21bfdbe7a21a6
SHA256

c59a7cb6c8bc4349bf22e43712e6957d7c12e10cdf1383747b740b5fa916882d
SHA512

2449fb29a592d5d8af0b7fef21b03f57ee818cdad314cedae1246732b70c686486b51240a09793480d6d5f843f3225d9cc84269d41cffaa8efb7c483e7586132
SSDEEP

768:PewF4y7WMO8OnZ6Yi7SswD6fIpEVK66brYCjkREw:GY7O1GIqK0RE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3836 wrote to memory of 3136	3836	rundll32.exe	83
PID 3836 wrote to memory of 3136	3836	rundll32.exe	83
PID 3836 wrote to memory of 3136	3836	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c59a7cb6c8bc4349bf22e43712e6957d7c12e10cdf1383747b740b5fa916882d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c59a7cb6c8bc4349bf22e43712e6957d7c12e10cdf1383747b740b5fa916882d.dll,#1
  2⤵
  PID:3136