b9c6ee6ff09b9f5185ddf28b9358eb48107fb78d8978b78a4b5d124b51496045

Analysis

max time kernel
148s
max time network
171s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 06:20

Target

b9c6ee6ff09b9f5185ddf28b9358eb48107fb78d8978b78a4b5d124b51496045.dll
Size

132KB
MD5

d3bcf377cb29cb2a23b32a64fa0ec7b0
SHA1

d29a156ec903a6482664e206bc976c669af1e3d5
SHA256

b9c6ee6ff09b9f5185ddf28b9358eb48107fb78d8978b78a4b5d124b51496045
SHA512

e80763df5d19c0f09360ae72f9a0dcfdd395aa19182015a8aa1a37b07b98e3748ffbc83673b9f5e0cd38f25ce79dd2006e5381e82f74b5005f0ce5db63bbb597
SSDEEP

3072:vFeb3BwvCrdq+VrkYwgMDcjztLhO4LnZAnt:Neb3BwvCr/VjwgMDwztLU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4376 wrote to memory of 4996	4376	rundll32.exe	84
PID 4376 wrote to memory of 4996	4376	rundll32.exe	84
PID 4376 wrote to memory of 4996	4376	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9c6ee6ff09b9f5185ddf28b9358eb48107fb78d8978b78a4b5d124b51496045.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4376
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9c6ee6ff09b9f5185ddf28b9358eb48107fb78d8978b78a4b5d124b51496045.dll,#1
  2⤵
  PID:4996