ddf32ba296c968b5af03931106ec8e46da8a658a942ba7b8f2e9357947f3c83a

Analysis

max time kernel
259s
max time network
327s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 20:38

Target

ddf32ba296c968b5af03931106ec8e46da8a658a942ba7b8f2e9357947f3c83a.dll
Size

67KB
MD5

761a85763755dfb05694af0822769ee0
SHA1

5945c6b08a3c9b63ebb0032e3497c0673c151b64
SHA256

ddf32ba296c968b5af03931106ec8e46da8a658a942ba7b8f2e9357947f3c83a
SHA512

02272e5bfd884585077f72e6b76004a468defafc6feb9ced49669e0fe83a77a61ffe2688978a2f0b86c02da3b1baabcfeeda020bf147ed3e041d011ea2a75869
SSDEEP

1536:anR+RZ2klBVt6+7vG9POR4LrcUniAZ2dNBJ:aR+brlVTG5OiAUiAYzD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3648 wrote to memory of 2396	3648	rundll32.exe	80
PID 3648 wrote to memory of 2396	3648	rundll32.exe	80
PID 3648 wrote to memory of 2396	3648	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddf32ba296c968b5af03931106ec8e46da8a658a942ba7b8f2e9357947f3c83a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3648
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ddf32ba296c968b5af03931106ec8e46da8a658a942ba7b8f2e9357947f3c83a.dll,#1
  2⤵
  PID:2396