b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b

Analysis

max time kernel
269s
max time network
299s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 21:49

Target

b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll
Size

5KB
MD5

80a6e4c51331a098f5680665d3e1c9d0
SHA1

8b4d15e2695d8828d068733efe81bc877910b85c
SHA256

b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b
SHA512

4bdd6edbb3bfdf3ad40b3f6cc91c7a26a6562bbdca142d21eab75094dbea8eea24f167c446260ff9897ec6acf5d3cf638df16d08ee242eb86cd30e35955e3769
SSDEEP

96:nEY2RrF1eqwi441DJTlNm7RKAk6iOdAtSWU7zNP7P2:EHRh1eppCPN2rklsANChP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 220 wrote to memory of 4400	220	rundll32.exe	80
PID 220 wrote to memory of 4400	220	rundll32.exe	80
PID 220 wrote to memory of 4400	220	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b2f719238b688ed37f12304f7a9abed699136f24628cf9f132ae3057de85138b.dll,#1
  2⤵
  PID:4400