5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77

Analysis

max time kernel
234s
max time network
200s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
28-11-2022 02:34

Target

5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll
Size

28KB
MD5

09f796df9c7a35002309053801c464e0
SHA1

8be9a5684ba9e8636b7046f52433e3c8637127e2
SHA256

5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77
SHA512

758382b9bac0f7707bb111ef1b6e069202a540cf471ce6bffea006f78c22db7f1bb84934b6137693265242643b117b0bbfd06c031a8cbe63b33bf1b82e2c92aa
SSDEEP

384:uiW2/S8CHPw7Im5ajszMY/7mjA3/OpUP/lfe:wb8IO/u6/O+P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 260 wrote to memory of 3856	260	rundll32.exe	81
PID 260 wrote to memory of 3856	260	rundll32.exe	81
PID 260 wrote to memory of 3856	260	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:260
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b3461717d848fdc9dfb959cde8deafe66cf1f547187f0385122be9f0bd3bf77.dll,#1
  2⤵
  PID:3856