b3bafe88c0366bddc0dc167d876879db29a85a8f24dd31f4ed0fbdbb22cfb827

Analysis

max time kernel
143s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 22:01

Target

b3bafe88c0366bddc0dc167d876879db29a85a8f24dd31f4ed0fbdbb22cfb827.dll
Size

193KB
MD5

b3db9066aeb2e9d60ee4aca84c35ca80
SHA1

bedb76a4684a201377f14701ad5f2fa149f70115
SHA256

b3bafe88c0366bddc0dc167d876879db29a85a8f24dd31f4ed0fbdbb22cfb827
SHA512

5dd85a9048da0be1fc7dc1bd61f81f117e21ab2cf27747480aa0988ae10bdf7e2e1bf85a54d65772638ab6e5607f79d59799a8b74bf97fd06f5f8fd8f5385086
SSDEEP

3072:7oUTB7x2CCDjZcK05FS7s/1ZFOHdos+thwhRfM4zErMtCwBwgUoWq6IewcgB:7okx2vh45osDFOIwj608AWq6R7gB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2696 wrote to memory of 4152	2696	rundll32.exe	82
PID 2696 wrote to memory of 4152	2696	rundll32.exe	82
PID 2696 wrote to memory of 4152	2696	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3bafe88c0366bddc0dc167d876879db29a85a8f24dd31f4ed0fbdbb22cfb827.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3bafe88c0366bddc0dc167d876879db29a85a8f24dd31f4ed0fbdbb22cfb827.dll,#1
  2⤵
  PID:4152

memory/4152-133-0x00000000754A0000-0x0000000075519000-memory.dmp

Filesize
484KB

Download