3871406adc4c1dd16649734dc9f9e70567f1e714cd0f6f1751e0878ecf40b42d

Analysis

max time kernel
62s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2023 00:19

Target

3871406adc4c1dd16649734dc9f9e70567f1e714cd0f6f1751e0878ecf40b42d.dll
Size

3.0MB
MD5

436989add942930090eca6b3b2e0dafb
SHA1

ab19f1bac167b8a660044fb7f300718fde6cc2b0
SHA256

3871406adc4c1dd16649734dc9f9e70567f1e714cd0f6f1751e0878ecf40b42d
SHA512

91fd768e61956c7c6a2b79bf04eaeaa1fa8a3f6d7ad70c66115bd2ab61624b5764114587e2048259a97dce0821e183e26a42d7e91f073c020a5dac66bfd7124f
SSDEEP

49152:liHewsoD9PF7bE0f1dVAljZv6MUsCZTk/cWOPoy:IeW997bEU1dVApNNiTk/c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4464 wrote to memory of 2288	4464	rundll32.exe	rundll32.exe
PID 4464 wrote to memory of 2288	4464	rundll32.exe	rundll32.exe
PID 4464 wrote to memory of 2288	4464	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3871406adc4c1dd16649734dc9f9e70567f1e714cd0f6f1751e0878ecf40b42d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4464

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3871406adc4c1dd16649734dc9f9e70567f1e714cd0f6f1751e0878ecf40b42d.dll,#1
2⤵
PID:2288