b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5

Analysis

max time kernel
161s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
01/12/2022, 19:25

Target

b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll
Size

411KB
MD5

e4a1e1ac96bc1ba61c85f354d9f8655b
SHA1

8db67d0a329a52c78eabaaf5885c9509565783f1
SHA256

b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5
SHA512

5e00c51d001cdadb004bb244ac5053013696360097b93f7468bb51bc4c73971d79df34992269de8983803f2b98935534d85cd96469f8a457e172c055a3cd9b58
SSDEEP

6144:KDmNdIhxjqhycqyN6Y7Gem+7F+3bIDE2L41fua0Jqb7bdO/8:qmN+hx24c/Vyv+4SCury7bdOE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 1032	1784	rundll32.exe	83
PID 1784 wrote to memory of 1032	1784	rundll32.exe	83
PID 1784 wrote to memory of 1032	1784	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b01b1500c8a1b48b903c4667c5a5b97564d8774656491e15771f2708d18d71b5.dll,#1
  2⤵
  PID:1032