1bbdcf8cb58e243fda3ac237f0c5cb94867a7a40f7d2a27b5a281cf008010796

Analysis

max time kernel
112s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03-12-2022 03:20

Target

1bbdcf8cb58e243fda3ac237f0c5cb94867a7a40f7d2a27b5a281cf008010796.dll
Size

68KB
MD5

5adecf6f543e73c8ba30ceab4384489b
SHA1

cf7fb164a3f568a3da313d1e45f49612c4788b03
SHA256

1bbdcf8cb58e243fda3ac237f0c5cb94867a7a40f7d2a27b5a281cf008010796
SHA512

953f00335388cf001c82f428c6a740d9aad332a1b097387fbf6d56222bd5d5c8eb37c22878e221aa44f9de797e6adc9d7318e86eec4c806c587973f13984a253
SSDEEP

1536:4sKXEz75WaYksOTCR3l32o+QUWO3okSmSINrLRo1Mxjm:NL75WaHs1l3t+3NSmSINDxjm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 2548	2532	rundll32.exe	82
PID 2532 wrote to memory of 2548	2532	rundll32.exe	82
PID 2532 wrote to memory of 2548	2532	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bbdcf8cb58e243fda3ac237f0c5cb94867a7a40f7d2a27b5a281cf008010796.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1bbdcf8cb58e243fda3ac237f0c5cb94867a7a40f7d2a27b5a281cf008010796.dll,#1
  2⤵
  PID:2548