b8c4d134662884e6d265fba34bc40e0a10474877913068e9ecdb961093e55b81

Analysis

max time kernel
143s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 04:03

Target

b8c4d134662884e6d265fba34bc40e0a10474877913068e9ecdb961093e55b81.dll
Size

76KB
MD5

443139d9621ce197c073285c6041fb74
SHA1

756adb4dbdc63887c10c3d509c8717c60eb11cde
SHA256

b8c4d134662884e6d265fba34bc40e0a10474877913068e9ecdb961093e55b81
SHA512

1fb2d9696666d0bbbec92ff3f9018c5ad1258bcbbe5d76d338e369a5a1d94b13f23d0b79b2d17cd96503de2dff99b43a1f351b31644d6b39fc159a2b8d008d17
SSDEEP

1536:HKvv9jeCw6l9n+Eu2YXDD3gQPr9kS9mhzmqU0iNEcUcLvQcjc0B/j9Yl10f:TSHu2MDEQPr9xmhqqXiNIcLvQc4oj9Ge

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5092 wrote to memory of 3104	5092	rundll32.exe	80
PID 5092 wrote to memory of 3104	5092	rundll32.exe	80
PID 5092 wrote to memory of 3104	5092	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8c4d134662884e6d265fba34bc40e0a10474877913068e9ecdb961093e55b81.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5092
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b8c4d134662884e6d265fba34bc40e0a10474877913068e9ecdb961093e55b81.dll,#1
  2⤵
  PID:3104