beb791b3ce8c7a7ea8e1a93c9545ea0a9480cccda5d2c75d156c760bd47d4975

Analysis

max time kernel
148s
max time network
176s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 08:03

Target

beb791b3ce8c7a7ea8e1a93c9545ea0a9480cccda5d2c75d156c760bd47d4975.dll
Size

64KB
MD5

ef57b542a2c69502abb12bec1bafaa85
SHA1

a31ac5f72f0c0aafe8cf0d76aef6e891e094fe96
SHA256

beb791b3ce8c7a7ea8e1a93c9545ea0a9480cccda5d2c75d156c760bd47d4975
SHA512

be6fe409f36255dd8db961151f50132c23c2e61380d951830063a79fe331857a001c8f13e54eca54009a0949fbafed55175044c7b448ce6a96887c17803643c6
SSDEEP

768:khibTrRgFZ0P/8NJid0NnG4jY4SSLIyA1T5IlmhEXRFO9sK01wJwVCqCOwlf+cbO:khC0K/8Pid0NnG8nAjS0I1wJw8Uwwcz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4896 wrote to memory of 4100	4896	rundll32.exe	82
PID 4896 wrote to memory of 4100	4896	rundll32.exe	82
PID 4896 wrote to memory of 4100	4896	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb791b3ce8c7a7ea8e1a93c9545ea0a9480cccda5d2c75d156c760bd47d4975.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\beb791b3ce8c7a7ea8e1a93c9545ea0a9480cccda5d2c75d156c760bd47d4975.dll,#1
  2⤵
  PID:4100

memory/4100-133-0x0000000000BB0000-0x0000000000BBB000-memory.dmp

Filesize
44KB

Download
memory/4100-134-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download
memory/4100-135-0x0000000000BB0000-0x0000000000BBB000-memory.dmp

Filesize
44KB

Download
memory/4100-136-0x0000000010000000-0x0000000010017000-memory.dmp

Filesize
92KB

Download