13b3ea8c85adb83e4f41258f4953bc7f7a96b41b67b35f242d9bc351719d8960

Analysis

max time kernel
156s
max time network
181s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2022 22:28

Target

13b3ea8c85adb83e4f41258f4953bc7f7a96b41b67b35f242d9bc351719d8960.dll
Size

136KB
MD5

bd70f7de175769835d3ab6519a384911
SHA1

36c511fa8773a0679a1c1e19df442fc1a88d58e0
SHA256

13b3ea8c85adb83e4f41258f4953bc7f7a96b41b67b35f242d9bc351719d8960
SHA512

3d5c32fc62c70f8312f090bcb18fc52005017fa616e29d627419b303144656efb25172a594521ce617e97623fadacdb08cc02dafba6e348fd2cb2c93fecee6b8
SSDEEP

1536:iMs3npARcdznEQGTf2M8kTSOzswmTYZe4BzasdNsOzXJNoFPIJWBNI5zCcS+xEPd:ns3e+dzcfOIQL8e4BzasLONI5zCyrZQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe
PID 2112 wrote to memory of 868	2112	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13b3ea8c85adb83e4f41258f4953bc7f7a96b41b67b35f242d9bc351719d8960.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2112
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13b3ea8c85adb83e4f41258f4953bc7f7a96b41b67b35f242d9bc351719d8960.dll,#1
  2⤵
  PID:868