bf39801d7a08c1bc71a458ee5d28e7774da139fab099b9148f59b95abe8f6310

Analysis

max time kernel
138s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2022 05:05

Target

bf39801d7a08c1bc71a458ee5d28e7774da139fab099b9148f59b95abe8f6310.dll
Size

77KB
MD5

0577d6327bb3523ff046fd67184fc479
SHA1

095714736edd3ba0760967feffc154044fea3b27
SHA256

bf39801d7a08c1bc71a458ee5d28e7774da139fab099b9148f59b95abe8f6310
SHA512

1008c62c6a900b12cb90043520711da2a72684d1a9d9988e90845f53024ce9e6a4b883bab4f235a00d2dd3506803724a48e362b95fd684ca5166fe15bc7cd45e
SSDEEP

1536:HKvv9jeCw6l9n+Eu2FgLJWMwJwnOPzglbGHHLaUh3K6c7aLIeSCbJvGYBvA8f:TSHu22LoBJ6PkKmLk2JvGYuY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3224 wrote to memory of 3044	3224	rundll32.exe	82
PID 3224 wrote to memory of 3044	3224	rundll32.exe	82
PID 3224 wrote to memory of 3044	3224	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf39801d7a08c1bc71a458ee5d28e7774da139fab099b9148f59b95abe8f6310.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bf39801d7a08c1bc71a458ee5d28e7774da139fab099b9148f59b95abe8f6310.dll,#1
  2⤵
  PID:3044