b1a80c26b8ab2344dcf3b40934b644f46fd9cf121447beeee68f9ee7f2fdda48

Analysis

max time kernel
111s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 02:39

Target

b1a80c26b8ab2344dcf3b40934b644f46fd9cf121447beeee68f9ee7f2fdda48.dll
Size

252KB
MD5

a2728fe453b78c07eddfc4ba804879c0
SHA1

8eb488ae1ca4e9378d5e37c4cbd487304546a37d
SHA256

b1a80c26b8ab2344dcf3b40934b644f46fd9cf121447beeee68f9ee7f2fdda48
SHA512

b8f864e123193c0d30aeb27844d996a05a792690677e90e025038b0bcc8a9e8e4a4fd3a98be1b87b9f9ac254ba1da9e44f10aa8ea5476fea63fe1176d99a3a21
SSDEEP

6144:wFQNjxfCSjMiUH/W72WI4aW9Val0Sx7ePF5I2L:uQN9MjfWYEValMFrL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2824 wrote to memory of 2244	2824	rundll32.exe	82
PID 2824 wrote to memory of 2244	2824	rundll32.exe	82
PID 2824 wrote to memory of 2244	2824	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1a80c26b8ab2344dcf3b40934b644f46fd9cf121447beeee68f9ee7f2fdda48.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2824
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1a80c26b8ab2344dcf3b40934b644f46fd9cf121447beeee68f9ee7f2fdda48.dll,#1
  2⤵
  PID:2244

memory/2244-133-0x0000000010000000-0x0000000010044000-memory.dmp

Filesize
272KB

Download