387a3961a9829d7e797bed534ed4602e52242a91b05fac1fef8176f40f8dbfcf

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-05-2023 20:24

Target

387a3961a9829d7e797bed534ed4602e52242a91b05fac1fef8176f40f8dbfcf.dll
Size

288KB
MD5

b78677e5b891d4ade52eb9dbb584d3bc
SHA1

2e0973b1923cf83792e6cddb223df6162dfd473b
SHA256

387a3961a9829d7e797bed534ed4602e52242a91b05fac1fef8176f40f8dbfcf
SHA512

0fc6a9538f33144d32049347ac8708b377d42449aebe18aeadc427e183337cd9f928dcd36a5ddfdc1f997dfa16f7946e03dc43864053c5047d2487ce39de6552
SSDEEP

3072:8rCYqD/C/s2IeTTn2KZJVgk+B6ELxmzVc9qMVuFTWXuczEi2OrctBuUc4fKUx:8rCYqD/C/sOXn2KZAtMEL8zV2I6sa4Dx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1180 wrote to memory of 2204	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 2204	1180	rundll32.exe	rundll32.exe
PID 1180 wrote to memory of 2204	1180	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a3961a9829d7e797bed534ed4602e52242a91b05fac1fef8176f40f8dbfcf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1180

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\387a3961a9829d7e797bed534ed4602e52242a91b05fac1fef8176f40f8dbfcf.dll,#1
2⤵
PID:2204