b18fea97b18cd756059bcdcd889ffaf2589a0fb654d112679d78c5b826dc02d0

Analysis

max time kernel
115s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:41

Target

b18fea97b18cd756059bcdcd889ffaf2589a0fb654d112679d78c5b826dc02d0.dll
Size

6KB
MD5

e91d023056daee04f1d713acca81ab20
SHA1

884ad79d2f46172243bf3130a118033f0969fe10
SHA256

b18fea97b18cd756059bcdcd889ffaf2589a0fb654d112679d78c5b826dc02d0
SHA512

2a08a677617f80f907970f45ccd99482f855e9dfd170637dfb3da8c651cce6ea3eb65b5cba36b9d1fb55c62e9cfa19d38e82593a96790c487c4d56f2611cf145
SSDEEP

96:DixZjmjtjd8jPjcZGR5TI0rliEFdMYkhKffLcWdD2I0DVmLMbZt:unSR6bgYXiY/faFAM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3028 wrote to memory of 1224	3028	rundll32.exe	79
PID 3028 wrote to memory of 1224	3028	rundll32.exe	79
PID 3028 wrote to memory of 1224	3028	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b18fea97b18cd756059bcdcd889ffaf2589a0fb654d112679d78c5b826dc02d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b18fea97b18cd756059bcdcd889ffaf2589a0fb654d112679d78c5b826dc02d0.dll,#1
  2⤵
  PID:1224