f9a90db6b85973cf8ba56058a00c62ccc2a928e90b26087585f084caae77b070

Analysis

max time kernel
142s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 18:59

Target

f9a90db6b85973cf8ba56058a00c62ccc2a928e90b26087585f084caae77b070.dll
Size

3.2MB
MD5

28a511a210663892643b0cf71d386ade
SHA1

7cc08dcd90d6295252262f71d1be8fa577b1a335
SHA256

f9a90db6b85973cf8ba56058a00c62ccc2a928e90b26087585f084caae77b070
SHA512

0b5e130e33ee7833d204f7bca3ad50504f11b4e7096d3382b2dd808945ac4a332480f3df4fc3074529881857f0033474cf7f1a0e08ac5eaf6d0bd617d93fd602
SSDEEP

49152:mN/wVmAgY28MrcawkKxP6H+K9eveUFAzlvSbZ6LJbCQZgqdiSVnWXMXDHnVtgFQc:meVZLMr8kKxP6fLsAzlviZ6d3gq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 1560	3300	rundll32.exe	81
PID 3300 wrote to memory of 1560	3300	rundll32.exe	81
PID 3300 wrote to memory of 1560	3300	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a90db6b85973cf8ba56058a00c62ccc2a928e90b26087585f084caae77b070.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f9a90db6b85973cf8ba56058a00c62ccc2a928e90b26087585f084caae77b070.dll,#1
  2⤵
  PID:1560