865d5dd81f34540c2a931aec5a5280571a7c910fb6dde4b174756d4ba3fbd38d

Analysis

max time kernel
61s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11/04/2023, 19:09

Target

dddb7f44df311203facdf9bb248f80ad.dll
Size

89KB
MD5

dddb7f44df311203facdf9bb248f80ad
SHA1

a25e8a78fc5d298c8605180a1296300f4e2827d0
SHA256

865d5dd81f34540c2a931aec5a5280571a7c910fb6dde4b174756d4ba3fbd38d
SHA512

240f35fbd13c6bb61a1665fe61442f8d8b92e9f00f37ad59992019d3f2e82c0850e56dda6c4e227199ae888666fbdd1e54695cfe07b06d2b7ae623e7eab03bf3
SSDEEP

1536:Oo4NPCKLbqoYkbpplW9YoUsxXzbcouNhj2ZszsWuKcdJU6paB89p:OoUCWbBNpplToUs1uNhj25LJUaaB89p

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2176 wrote to memory of 2348	2176	rundll32.exe	83
PID 2176 wrote to memory of 2348	2176	rundll32.exe	83
PID 2176 wrote to memory of 2348	2176	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dddb7f44df311203facdf9bb248f80ad.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2176
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dddb7f44df311203facdf9bb248f80ad.dll,#1
  2⤵
  PID:2348