68ba1eff32179bb90bc1cd710f6ad8d694d674f7a683fc53b95a22ab9b0f7334

Analysis

max time kernel
147s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2022 20:12

Target

68ba1eff32179bb90bc1cd710f6ad8d694d674f7a683fc53b95a22ab9b0f7334.dll
Size

228KB
MD5

0b85c85c811973aca07c5a7075fb78bc
SHA1

4ce527465cadaa8fa3e8434e0b2895f1d9c12773
SHA256

68ba1eff32179bb90bc1cd710f6ad8d694d674f7a683fc53b95a22ab9b0f7334
SHA512

4e50e88c1176220bfdfef5d2d85bda9fa356a756ba7bc8f989e8ba381c546f6498dd3042596d547683bd8c9e64a6394670281eb767f681f3cb10781026121499
SSDEEP

6144:4VIjGGH4Nb1F6x2fXtavysT3/kA2f0IoCYVN/3oOGBm:4VeGGH4rF6kvtavysufj0//3oOG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3236 wrote to memory of 1560	3236	rundll32.exe	78
PID 3236 wrote to memory of 1560	3236	rundll32.exe	78
PID 3236 wrote to memory of 1560	3236	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\68ba1eff32179bb90bc1cd710f6ad8d694d674f7a683fc53b95a22ab9b0f7334.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3236
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\68ba1eff32179bb90bc1cd710f6ad8d694d674f7a683fc53b95a22ab9b0f7334.dll,#1
  2⤵
  PID:1560