b209aeb5505308ea60fccaf507ac6648e4beb1d8c63474fb94811c81b1490989

Analysis

max time kernel
125s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
02/10/2022, 09:42

Target

b209aeb5505308ea60fccaf507ac6648e4beb1d8c63474fb94811c81b1490989.dll
Size

64KB
MD5

6c96a92e61a27454b6fc38fdf69a2def
SHA1

d6e7aa82b0c9370bdba91bdee8ea13d31c911158
SHA256

b209aeb5505308ea60fccaf507ac6648e4beb1d8c63474fb94811c81b1490989
SHA512

353bcf71c9033e0ff25448400d14ad7b0f444fa10df99dc937034043895dfaab72e9ac7b92824eacdf33c7adfbc0bf7d5da6c7cf581a18b6b8a7b3312d1325a1
SSDEEP

1536:EG2ge7Tiopl7iYrBhiApdCU94vw+nT9H3RUaJh:EG2t72opl7iYrLiA7CU9qFFT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4752	4772	rundll32.exe	81
PID 4772 wrote to memory of 4752	4772	rundll32.exe	81
PID 4772 wrote to memory of 4752	4772	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b209aeb5505308ea60fccaf507ac6648e4beb1d8c63474fb94811c81b1490989.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b209aeb5505308ea60fccaf507ac6648e4beb1d8c63474fb94811c81b1490989.dll,#1
  2⤵
  PID:4752