bb2c5ae93d3662086100b683a89b38a5395a4f225b3cc530387e1b458e9adf1a

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 05:24

Target

bb2c5ae93d3662086100b683a89b38a5395a4f225b3cc530387e1b458e9adf1a.dll
Size

5KB
MD5

4d40ed94b1a2bc93695e13b7f81507d0
SHA1

044dd3a6d8ceceb52a965c30f4c598f3f9dcfb68
SHA256

bb2c5ae93d3662086100b683a89b38a5395a4f225b3cc530387e1b458e9adf1a
SHA512

7bd97524c3dbd9a21c8f92d2a4eb9746aad3890b50b8332dafa19e249bf5b036688f7b0c567e7177f8295474b477d2ecebbc58ab2c8e73c930ed93c6a6a8ba9a
SSDEEP

48:SfIR8ae/asxUOfi5qwlGsPZTXSJ+JSN361kiWbQbZlPCAeS6Ro8xCk2sUn:DIxUt5TliJuS8jISZ8Ar6o8wsU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4712 wrote to memory of 3008	4712	rundll32.exe	81
PID 4712 wrote to memory of 3008	4712	rundll32.exe	81
PID 4712 wrote to memory of 3008	4712	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb2c5ae93d3662086100b683a89b38a5395a4f225b3cc530387e1b458e9adf1a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb2c5ae93d3662086100b683a89b38a5395a4f225b3cc530387e1b458e9adf1a.dll,#1
  2⤵
  PID:3008