0b3299d96c9c60fac3c12ffc4abe36f5066a073f8d0198d514d6fdd758274143

Analysis

max time kernel
106s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
18/09/2022, 22:18

Target

0b3299d96c9c60fac3c12ffc4abe36f5066a073f8d0198d514d6fdd758274143.dll
Size

96KB
MD5

00fd21308ffcaeb74b072ee5750f0760
SHA1

d8e035d94a80ef0eb272298bac5596c305607230
SHA256

0b3299d96c9c60fac3c12ffc4abe36f5066a073f8d0198d514d6fdd758274143
SHA512

acf891514008522c909a4e995ed942bcb2a98c21de3559ed022d739b31a3689427225217a69318dfd3c0a1d2a7f1743ed90e44ac1d51b9d58cd5201600932a74
SSDEEP

3072:tzmO24R2yj/AmOs4cMTbFIETr2q6Wr1lVJANDz:hmO2iTj/AmOsA1t+AL/ANDz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79
PID 3464 wrote to memory of 2008	3464	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3299d96c9c60fac3c12ffc4abe36f5066a073f8d0198d514d6fdd758274143.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0b3299d96c9c60fac3c12ffc4abe36f5066a073f8d0198d514d6fdd758274143.dll,#1
  2⤵
  PID:2008