98fbd72d1af6bd2b5eaedd3ffdbbc9da8559493e42d35e44e703c6935f8fd617

Analysis

max time kernel
141s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
06-12-2022 21:23

Target

98fbd72d1af6bd2b5eaedd3ffdbbc9da8559493e42d35e44e703c6935f8fd617.dll
Size

36KB
MD5

957640c0d5db800c1bad482cce0e79b7
SHA1

2909bc7a14674585d562faabf6c575527334b895
SHA256

98fbd72d1af6bd2b5eaedd3ffdbbc9da8559493e42d35e44e703c6935f8fd617
SHA512

fa4be8f90d9779890ab3e28b35f9ac1d2fdf9cc85d88a16e146eac241163a42c0427cfa16b8c5c711b453851882ba6825b3d905636aa673f8baf706f982d4c26
SSDEEP

768:4Tfpp7OfOeQ0/7sYFrc7eyQ6v0hA/L/CODb9iRlMkeOd:gpp765/77m7eyXv0hA/2O9iRlMkeU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4364 wrote to memory of 3420	4364	rundll32.exe	77
PID 4364 wrote to memory of 3420	4364	rundll32.exe	77
PID 4364 wrote to memory of 3420	4364	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\98fbd72d1af6bd2b5eaedd3ffdbbc9da8559493e42d35e44e703c6935f8fd617.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\98fbd72d1af6bd2b5eaedd3ffdbbc9da8559493e42d35e44e703c6935f8fd617.dll,#1
  2⤵
  PID:3420