b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba

Analysis

max time kernel
95s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 08:15

Target

b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll
Size

76KB
MD5

4e588b0fc69fdb8953708fbdf2dc2f8c
SHA1

97384062b006405e9bd640fd591605770ee5fd68
SHA256

b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba
SHA512

71732c1b3aff033aefb73303012e93a4d551d2dc24210ec49efa1ec3b438150e1bbc011e7176c6cea5fd45e5dd0ac0a2359cc224786aca4b5891a030265865cd
SSDEEP

1536:piCTdIPXEYXLLDovZvcBCAAWay8dv1W/yr:4C5ZyLoWBCVdv1W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 748 wrote to memory of 2224	748	rundll32.exe	80
PID 748 wrote to memory of 2224	748	rundll32.exe	80
PID 748 wrote to memory of 2224	748	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:748
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b50d92c68e43128342bfd8dac8db96a500881c80f60c21a6a0faaf71a400b5ba.dll,#1
  2⤵
  PID:2224

memory/2224-134-0x0000000000EC0000-0x0000000000EDD000-memory.dmp

Filesize
116KB

Download
memory/2224-133-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/2224-135-0x0000000000EC0000-0x0000000000EDD000-memory.dmp

Filesize
116KB

Download