021e747f511376243674c6e79051715d5a22cbed33b389afaebdbccaf80a9683

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2023 21:18

Target

021e747f511376243674c6e79051715d5a22cbed33b389afaebdbccaf80a9683.dll
Size

492KB
MD5

c2e8529bfecf4be47c0fab9fc962770d
SHA1

37d4653933df9d4483f0df01ac5149ad51b8de38
SHA256

021e747f511376243674c6e79051715d5a22cbed33b389afaebdbccaf80a9683
SHA512

bdadb1d9f20c424e840d1cae75df33f57325018c3c29105dd8a6fa35adf21b2f6f51ba70836c4de45f45a02b98d84bf33e3e7f3bd0af47edde65f268cca19967
SSDEEP

12288:POe1VvW+WlTR0pvxMfeARTNs98tfHml7YBzRK5I:P1VvW9NSxxMGARvml0BzRKy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4400 wrote to memory of 4796	4400	rundll32.exe	81
PID 4400 wrote to memory of 4796	4400	rundll32.exe	81
PID 4400 wrote to memory of 4796	4400	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\021e747f511376243674c6e79051715d5a22cbed33b389afaebdbccaf80a9683.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\021e747f511376243674c6e79051715d5a22cbed33b389afaebdbccaf80a9683.dll,#1
  2⤵
  PID:4796