fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e

Analysis

max time kernel
137s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 13:30

Target

fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll
Size

19KB
MD5

f58d1d4c09a0390b2956edb9c7f03ac4
SHA1

313f1d76ada308664b4deada79997b948ff16eab
SHA256

fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e
SHA512

60b92a56ba9b8737b21d40f5d1a7c475b849a51fffe2d6fd77e366d9e42f4dab5f7f80e43ceb43f648af2a5bf950d1add67545604c230e50825e02022bad3aa7
SSDEEP

384:jQNm+awSIqEy+xng67fXsCZejfY1YhJpJgLa0MpHr:MNjSIhy4fXsfrvjgLa1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 2224	2268	rundll32.exe	81
PID 2268 wrote to memory of 2224	2268	rundll32.exe	81
PID 2268 wrote to memory of 2224	2268	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb5fae3df92ef8f1987e2ab91fb9a08f04ca614ffb12bc8a0612fe0b6b1bf66e.dll,#1
  2⤵
  PID:2224