b5d322ef10594432583d82a108e70ac173e09bb09f1723a14c499dbe9d568609

Analysis

max time kernel
137s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2022, 15:13

Target

b5d322ef10594432583d82a108e70ac173e09bb09f1723a14c499dbe9d568609.dll
Size

68KB
MD5

699b09fbb2b954ad280457a5869c886b
SHA1

5ef64b20b69f7d5145c0cdd5dec238a2e573f503
SHA256

b5d322ef10594432583d82a108e70ac173e09bb09f1723a14c499dbe9d568609
SHA512

9fe5b2d4170a1ee8a1f9fabb779d53a5252f939bb315663e500d2e20895a27dfba05db425ca819181cfc74d71922fc7656016fae8656176e391cdd0b1302c699
SSDEEP

768:3YpiPD18ljSbGfSNN9DNwHWg4hMUlNEj72ANvdIU/wHRB9+JbrL0hhAUC5ZhS9dw:cWb/bDCS6jNb/wHn9mrLUlJClP48

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 4796	4888	rundll32.exe	82
PID 4888 wrote to memory of 4796	4888	rundll32.exe	82
PID 4888 wrote to memory of 4796	4888	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5d322ef10594432583d82a108e70ac173e09bb09f1723a14c499dbe9d568609.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5d322ef10594432583d82a108e70ac173e09bb09f1723a14c499dbe9d568609.dll,#1
  2⤵
  PID:4796