7343494ca5da2bc117a5f71ab037918e84c17de7bfeb9e5d3dda7d71e5decc21

Analysis

max time kernel
112s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2022 14:31

Target

7343494ca5da2bc117a5f71ab037918e84c17de7bfeb9e5d3dda7d71e5decc21.dll
Size

2.4MB
MD5

f4135e95e0ed685e34de285a44581e4d
SHA1

669690885dec08a258b9bc5b4c8ef5b1d49c1bbf
SHA256

7343494ca5da2bc117a5f71ab037918e84c17de7bfeb9e5d3dda7d71e5decc21
SHA512

b50debc8ebcfbc16126cea32c1d0cd6ba0a4b6a931439504016e6315475453135f241be9031dc0c08b52e8762b5297f8af83b9a18f0c098cab7e00ee0135721b
SSDEEP

49152:06DEga6YxjvwIUNISJFFcJBRLPYTxaxZ:0pvl+cJEaz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3856 wrote to memory of 4808	3856	rundll32.exe	rundll32.exe
PID 3856 wrote to memory of 4808	3856	rundll32.exe	rundll32.exe
PID 3856 wrote to memory of 4808	3856	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7343494ca5da2bc117a5f71ab037918e84c17de7bfeb9e5d3dda7d71e5decc21.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3856

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7343494ca5da2bc117a5f71ab037918e84c17de7bfeb9e5d3dda7d71e5decc21.dll,#1
2⤵
PID:4808