a8ba64efb45201d26f11c8a7589e8d1da1b62b031b3410221768afd1dc58ee8b

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:53

Target

a8ba64efb45201d26f11c8a7589e8d1da1b62b031b3410221768afd1dc58ee8b.dll
Size

63KB
MD5

b75d6d18053b7a763996f2b1eb06f757
SHA1

2630582bd0c1bc1a9ad35c88aeefeb308daae81b
SHA256

a8ba64efb45201d26f11c8a7589e8d1da1b62b031b3410221768afd1dc58ee8b
SHA512

1b27dfa979975e15cd25e7e5f0f1e9ad72b92f213adaf65c1114da2ce83693a2ea7f2a6eb1c6fa151f5d575ad31d53e405d12f3364d2a316fc0d24280b01b7e2
SSDEEP

1536:evXZZRRnVVdAYtmpXCLe3yr0JScoKM84aI4CraaQej:+ZDRfiqmpSLe37JIBnaaNj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 4956	5068	rundll32.exe	81
PID 5068 wrote to memory of 4956	5068	rundll32.exe	81
PID 5068 wrote to memory of 4956	5068	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8ba64efb45201d26f11c8a7589e8d1da1b62b031b3410221768afd1dc58ee8b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a8ba64efb45201d26f11c8a7589e8d1da1b62b031b3410221768afd1dc58ee8b.dll,#1
  2⤵
  PID:4956