b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78

Analysis

max time kernel
177s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 14:53

Target

b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll
Size

204KB
MD5

6857fc4e02affd1c8af5fa96e44998fa
SHA1

2fd502f09a9dad4b9c6081c31a6193352b1565ac
SHA256

b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78
SHA512

124525a2e2ffd4af1048e49944bd2ee29bcb516449290f37869c92461e315c54e1c2000e36ba259141694b8dc63cbe6f3118df52eb7e720d0786353e0e8fab56
SSDEEP

3072:Yjtd7h3KIm6lzxxiCVKUGN247mYBVc/iDoAEOfztM1he+s9te4+z:YFi8BYYEIhLvz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1116 wrote to memory of 2792	1116	rundll32.exe	78
PID 1116 wrote to memory of 2792	1116	rundll32.exe	78
PID 1116 wrote to memory of 2792	1116	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8f7a2bb965a6613044d4eecc7a29e1363abe449f9cc6ea72dd693aef0d70e78.dll,#1
  2⤵
  PID:2792