24d4fafa385d0f2b62498c72dfe44a69984123d16d417195a5e58885cb121ddb

Analysis

max time kernel
124s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
17-12-2022 20:05

Target

24d4fafa385d0f2b62498c72dfe44a69984123d16d417195a5e58885cb121ddb.dll
Size

204KB
MD5

7fd5698923697eca8bda71afc82d4e98
SHA1

bd3c3395ed8a524f0d4cf2b3412b1cd6b3ce6f31
SHA256

24d4fafa385d0f2b62498c72dfe44a69984123d16d417195a5e58885cb121ddb
SHA512

10360d853e06fea9fdaa66c3dc79ebaa20a33a81c9b98e95c8d4b117549976f53ab43c4a32a5e4f445f5f52780e5c278d304cd91a2442e00a3997f937244f173
SSDEEP

3072:we7BMtrI03oxxAsZHYXsHxYsRCPFXf85IE5KoUTh8aH:we7Wtk0sJYXs+siG5Ix8a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 4692	4716	rundll32.exe	83
PID 4716 wrote to memory of 4692	4716	rundll32.exe	83
PID 4716 wrote to memory of 4692	4716	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\24d4fafa385d0f2b62498c72dfe44a69984123d16d417195a5e58885cb121ddb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\24d4fafa385d0f2b62498c72dfe44a69984123d16d417195a5e58885cb121ddb.dll,#1
  2⤵
  PID:4692