22a1fb3677d1c85a03008836be8b4b209f8f6628efb119f6deec6b2138404f65

Analysis

max time kernel
139s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
26/08/2023, 19:33

Target

22a1fb3677d1c85a03008836be8b4b209f8f6628efb119f6deec6b2138404f65.dll
Size

136KB
MD5

a3503f01fa97debc53c5431e0edffda2
SHA1

8de20bec1ce53aebdc953579b42e9459bfcd4248
SHA256

22a1fb3677d1c85a03008836be8b4b209f8f6628efb119f6deec6b2138404f65
SHA512

6ea4222802575d318b139b73259b524b775de807cec637ad0183501d6e1c64b91c6d20c490b424767cc631003344174241c530d2ff9e14dcc0850ae638d9de34
SSDEEP

1536:iia9SlCEVoUMvQeP9rIuadlDwio+zzceV7oKoVi/np40k+Jf7QcAI1QppSm2rZSe:HSCNBIG4pOyWMcJ+9UfXnM8J8Z0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2156 wrote to memory of 4652	2156	rundll32.exe	81
PID 2156 wrote to memory of 4652	2156	rundll32.exe	81
PID 2156 wrote to memory of 4652	2156	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\22a1fb3677d1c85a03008836be8b4b209f8f6628efb119f6deec6b2138404f65.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\22a1fb3677d1c85a03008836be8b4b209f8f6628efb119f6deec6b2138404f65.dll,#1
  2⤵
  PID:4652