afb8638bb752bc49d5270309b4b796e11708a16bf24d2945b595271e934ce404

Analysis

max time kernel
91s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
15-04-2023 20:09

Target

afb8638bb752bc49d5270309b4b796e11708a16bf24d2945b595271e934ce404.dll
Size

384KB
MD5

2ec56dc948a201ab5efdeff3f7aef68e
SHA1

da5514ce999715b1572edfc54a7841c0ae77f86c
SHA256

afb8638bb752bc49d5270309b4b796e11708a16bf24d2945b595271e934ce404
SHA512

69a007e282f98e490dec367d3ba55bd804af5c1f2b982046de79573f977e9c4ade173fb950423f7afa94c6a5f2e9a7bfdffa05301d0c3b263ae42f655aef0c30
SSDEEP

6144:q/xCm34S5jTbvzo47H0OXsrSRJNmskmCLwqddTdd6cI:8xCmd5fbvzoU0OXl7NmNw1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4932 wrote to memory of 1312	4932	rundll32.exe	83
PID 4932 wrote to memory of 1312	4932	rundll32.exe	83
PID 4932 wrote to memory of 1312	4932	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb8638bb752bc49d5270309b4b796e11708a16bf24d2945b595271e934ce404.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\afb8638bb752bc49d5270309b4b796e11708a16bf24d2945b595271e934ce404.dll,#1
  2⤵
  PID:1312