628f358674eb90011d4844b4ca601bf15b3530ff04bd8f77c2b323da17dd1292

Analysis

max time kernel
127s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2022, 05:15

Target

628f358674eb90011d4844b4ca601bf15b3530ff04bd8f77c2b323da17dd1292.dll
Size

16KB
MD5

eb4d5afaf42af3504edb857afaaa6161
SHA1

15019c360428dfbb321b2874a975ec1363cfe8a9
SHA256

628f358674eb90011d4844b4ca601bf15b3530ff04bd8f77c2b323da17dd1292
SHA512

db31b0c48afd891b71ed98dd2ba4e26b02c357d7e00ee465c96ad0a9eecbd56d6cdf4adac07ad5a0cc7e17bea4c3daf0e3ac00b3d0993f35ca4c00e056f9251f
SSDEEP

24:e1GSgDSEhpCglIB6SXvVmMPNjvhBrDsqZ:SgDzllVImgNNBsG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 1848	2780	rundll32.exe	82
PID 2780 wrote to memory of 1848	2780	rundll32.exe	82
PID 2780 wrote to memory of 1848	2780	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\628f358674eb90011d4844b4ca601bf15b3530ff04bd8f77c2b323da17dd1292.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\628f358674eb90011d4844b4ca601bf15b3530ff04bd8f77c2b323da17dd1292.dll,#1
  2⤵
  PID:1848