b9338790a1fb9165fca40312a4ee195468dfb06eda0eb35536126114348ed6fc

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2022, 04:10

Target

b9338790a1fb9165fca40312a4ee195468dfb06eda0eb35536126114348ed6fc.dll
Size

100KB
MD5

85c4cfe2ffd6d0350064373da2ba1c4e
SHA1

105ff69da44f59cb19ceca325180e173921df1cd
SHA256

b9338790a1fb9165fca40312a4ee195468dfb06eda0eb35536126114348ed6fc
SHA512

d4ec4950fc19545d93cdda94f96190e9a6e22b06bcb11e8a643e63c1b409b6cf200bbd0c0ce446c3f04e9c2f3de432fb20969575dee3b6d36138b6f6530a78fd
SSDEEP

1536:YkhnyEr8J0LTq8Ho2W7FGrw6TK3vk+hmpbypUOUUU5FYnz:Vhn/8JyiFKTKNI9u91U5FY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4948 wrote to memory of 4900	4948	rundll32.exe	81
PID 4948 wrote to memory of 4900	4948	rundll32.exe	81
PID 4948 wrote to memory of 4900	4948	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9338790a1fb9165fca40312a4ee195468dfb06eda0eb35536126114348ed6fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9338790a1fb9165fca40312a4ee195468dfb06eda0eb35536126114348ed6fc.dll,#1
  2⤵
  PID:4900