ba59c3194e0a987baa4f3101699a563206a9ce93dca753b3a1671a86fc0f3afd

Analysis

max time kernel
72s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02-12-2022 19:52

Target

ba59c3194e0a987baa4f3101699a563206a9ce93dca753b3a1671a86fc0f3afd.dll
Size

72KB
MD5

bf7eed7277028774b6d064f62a6da520
SHA1

d7b7e98f1cfe335aebe75e0602a0609c1e236af3
SHA256

ba59c3194e0a987baa4f3101699a563206a9ce93dca753b3a1671a86fc0f3afd
SHA512

26475f1ed7fa8964051574d32762559c6a68a6b5b1e5c66d2647174d029529b08e4d268f73fc7dd1a5473302eb7e00fdd17688da7cbdbeb6e3fdc7b09d247c74
SSDEEP

1536:evznSkUcRhQAB2zhj6FAs+Lar8DXr9ydF9+By68Jih/T:USXS2AAQEO8MdF9Yy68y/T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 428 wrote to memory of 1808	428	rundll32.exe	80
PID 428 wrote to memory of 1808	428	rundll32.exe	80
PID 428 wrote to memory of 1808	428	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c3194e0a987baa4f3101699a563206a9ce93dca753b3a1671a86fc0f3afd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:428
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba59c3194e0a987baa4f3101699a563206a9ce93dca753b3a1671a86fc0f3afd.dll,#1
  2⤵
  PID:1808