bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04

Analysis

max time kernel
112s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
30/10/2022, 16:26

Target

bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll
Size

220KB
MD5

830936ed300c91cde490ce98177b8bd5
SHA1

232bb4a29787fd1b2d8749fa2e1db68c626dd942
SHA256

bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04
SHA512

e4a38fee723c5e63e5de772a3f1ce7f9aee98d19bc1d0047cbd9433d1a2fd63d227d04aeed58d3bfa1a80af2436266232536cb03b5046fa00a71eb3fce5a086d
SSDEEP

3072:JKHXlxQJ1fLhMwyQjRzCuyoiL/tb0tSXe/mDwaM/aa8fI/f1X9u:JKEJ1VMw3XjytbLReaVWu

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4260 wrote to memory of 1496	4260	rundll32.exe	80
PID 4260 wrote to memory of 1496	4260	rundll32.exe	80
PID 4260 wrote to memory of 1496	4260	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb84de309da8740db3c1d30bd0b73e83072ebc1ae90a1f024f8535de21eaed04.dll,#1
  2⤵
  PID:1496

memory/1496-133-0x0000000074D80000-0x0000000074DB9000-memory.dmp

Filesize
228KB

Download
memory/1496-134-0x00000000001F0000-0x00000000001FF000-memory.dmp

Filesize
60KB

Download
memory/1496-135-0x00000000005A0000-0x00000000005AF000-memory.dmp

Filesize
60KB

Download