f921f80e0a04e0c79d787a561083ebe3c1424213b26a157a9b43af38d0d6dee2

Analysis

max time kernel
140s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23/08/2023, 04:34

Target

f921f80e0a04e0c79d787a561083ebe3c1424213b26a157a9b43af38d0d6dee2.dll
Size

407KB
MD5

1c095535435e8a0a4205da3e3fda173b
SHA1

ebc3e2175ac2d04494142472fa69ba697535c795
SHA256

f921f80e0a04e0c79d787a561083ebe3c1424213b26a157a9b43af38d0d6dee2
SHA512

9c83a4311d90b706b3a8395c3f74a074eb71c2844bddb227e0f662dc38b3bc80b7583077682c4b0fae3df10b8a84208b980eea7b967ad4e1cb6c7be44bd1aac0
SSDEEP

3072:YADQGmnCpni6lwqJeQes8HdnO0CUGKq3HojCsGUS5qG1asdbEDZbNkxk:YAMRk3tkq3N5l1e5kxk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1796 wrote to memory of 1820	1796	rundll32.exe	16
PID 1796 wrote to memory of 1820	1796	rundll32.exe	16
PID 1796 wrote to memory of 1820	1796	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f921f80e0a04e0c79d787a561083ebe3c1424213b26a157a9b43af38d0d6dee2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f921f80e0a04e0c79d787a561083ebe3c1424213b26a157a9b43af38d0d6dee2.dll,#1
  2⤵
  PID:1820