f76ad81216ce0a4c6e3979cbbdc50d7875e2d7fef3de25cb96fb0e19f5dcfb19

Analysis

max time kernel
86s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2023 21:59

Target

f76ad81216ce0a4c6e3979cbbdc50d7875e2d7fef3de25cb96fb0e19f5dcfb19.dll
Size

272KB
MD5

38f80eb9150d62115214c2481a05a56b
SHA1

efa1b12f38298226afa01e3e4df8ef8c7eca0ef2
SHA256

f76ad81216ce0a4c6e3979cbbdc50d7875e2d7fef3de25cb96fb0e19f5dcfb19
SHA512

bb3cc2c2cda7cc0dfe2beb51b144b3f5350992c720c575c0b7d056ef9a7e5577aff80d79216cf86227489eeca94af4990f2e8f5a90b1b2c4cd68d035e41f7de3
SSDEEP

3072:gBcYHz2bMT+Ce9MyZbnJOFaJUwT8qahl/t7GRweO4ctBADUREyMec4Ob:gBcYHz2bMTk9MoYaKm8NUtsAu4V4q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 736 wrote to memory of 4248	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 4248	736	rundll32.exe	rundll32.exe
PID 736 wrote to memory of 4248	736	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f76ad81216ce0a4c6e3979cbbdc50d7875e2d7fef3de25cb96fb0e19f5dcfb19.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:736

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f76ad81216ce0a4c6e3979cbbdc50d7875e2d7fef3de25cb96fb0e19f5dcfb19.dll,#1
2⤵
PID:4248