4edf6fc489c3a51acb9e514df53314c5916acd0ab50cdf5c1087874e733b6bd8

Analysis

max time kernel
200s
max time network
245s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
15/01/2023, 20:08

Target

4edf6fc489c3a51acb9e514df53314c5916acd0ab50cdf5c1087874e733b6bd8.dll
Size

236KB
MD5

56afc95eac1a6ec5643212b02bffc2ec
SHA1

854f60d505113ee81d47f38b58726890980ab013
SHA256

4edf6fc489c3a51acb9e514df53314c5916acd0ab50cdf5c1087874e733b6bd8
SHA512

2b27b58ce916369aef53f64bdcc845e56b6ad5fa152c1a6f057f50f437550571ce622d5765b2a71f626248f42f922035bc15646573ed5252cc524afaf7d3016a
SSDEEP

6144:lNZaTHNS02IOU2D1DKM9tdls4KyBD5qCO:lPm40GzD1W9+q1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1260 wrote to memory of 3776	1260	rundll32.exe	77
PID 1260 wrote to memory of 3776	1260	rundll32.exe	77
PID 1260 wrote to memory of 3776	1260	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4edf6fc489c3a51acb9e514df53314c5916acd0ab50cdf5c1087874e733b6bd8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4edf6fc489c3a51acb9e514df53314c5916acd0ab50cdf5c1087874e733b6bd8.dll,#1
  2⤵
  PID:3776