befd33499f7e8f9aba088aa648882edb53ad60d03e109adf0807a75f4c4c1855

Analysis

max time kernel
151s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
28/11/2022, 01:53

Target

befd33499f7e8f9aba088aa648882edb53ad60d03e109adf0807a75f4c4c1855.dll
Size

995KB
MD5

03eee9cc5a71f2117477692f7724bcde
SHA1

76795ecd71960aa9fa0df84ba8d8a57552c0e534
SHA256

befd33499f7e8f9aba088aa648882edb53ad60d03e109adf0807a75f4c4c1855
SHA512

71961096d9de8cbb47e1b2746aab62caf790582392c840e8cfcc12657037dae99968aa5f4e47ab7b9c56305a1ad3b15513d8cb1111c97ed600abe01e3b662966
SSDEEP

3072:CJ251bkWa9n8AXbQUAUcvofQjbU3KTBftb/ehPKQvh:CJ251bkWaN8AXbQUkvQIbU3KTBlbW1p

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4536	2232	rundll32.exe	81
PID 2232 wrote to memory of 4536	2232	rundll32.exe	81
PID 2232 wrote to memory of 4536	2232	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\befd33499f7e8f9aba088aa648882edb53ad60d03e109adf0807a75f4c4c1855.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2232
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\befd33499f7e8f9aba088aa648882edb53ad60d03e109adf0807a75f4c4c1855.dll,#1
  2⤵
  PID:4536