2afb5303e191dde688c5626c3ee545e32e52f09da3b35b20f5e0d29a418432f5

Analysis

max time kernel
82s
max time network
153s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-03-2023 03:03

Target

x86/plugins/NetworkTools.dll
Size

116KB
MD5

a5de58251832d3aef63fee13c96b10d2
SHA1

9e598c1fd1539c1bfb5b55ebdacbe41c1ac26600
SHA256

62472b33ba6fe0f4c5f4997236b3e0d9053c9e2de9730e3db78d2749a2bea6c4
SHA512

dacfded99026f0a24dbf06c9b2c12e819dbeb1509441df2d9fa0e2d3048f2de64ebe259d5909fe88a24fabadf262595b4b96064bc17cf9347296b386e273a0c2
SSDEEP

1536:4zPf2Sz6wBaABOKcRmRkaPTTd4BXcVPZdjshsWk1cdeB7PIQl4jhNj:4zPf2SzuK9RkOTTd4BMdrEeB7AQl4j7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2272 wrote to memory of 1900	2272	rundll32.exe	66
PID 2272 wrote to memory of 1900	2272	rundll32.exe	66
PID 2272 wrote to memory of 1900	2272	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\NetworkTools.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2272
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\plugins\NetworkTools.dll,#1
  2⤵
  PID:1900