b2396356501b13b0f2f61e9ff1c771a112832a84b4ed8d6931303567d0257672

Analysis

max time kernel
90s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
02/12/2022, 19:58

Target

b2396356501b13b0f2f61e9ff1c771a112832a84b4ed8d6931303567d0257672.dll
Size

63KB
MD5

81398d823ebfc4cd2b715f071140d6c0
SHA1

05d6645d43fd4883587bf76e9daacdd8c2f03bf9
SHA256

b2396356501b13b0f2f61e9ff1c771a112832a84b4ed8d6931303567d0257672
SHA512

d650172b0d87569d84501a9db2298b99ae8c515436dece229496c772075779e82317c7e446a48f2a804e7c5459f345f85282ed4c184f6e62a6974adb7e12f2ee
SSDEEP

1536:1zExMwCGQ2jmMFbY/qlmwC/LVIULT37WozG0c+t6TW:1I+wCGvFF0SlRq7375dH4K

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 4904	1616	rundll32.exe	79
PID 1616 wrote to memory of 4904	1616	rundll32.exe	79
PID 1616 wrote to memory of 4904	1616	rundll32.exe	79

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2396356501b13b0f2f61e9ff1c771a112832a84b4ed8d6931303567d0257672.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2396356501b13b0f2f61e9ff1c771a112832a84b4ed8d6931303567d0257672.dll,#1
  2⤵
  PID:4904