b31f92bea48345ef127b32ea74287a8dd299de0a70ac9d6a0218475834453b53

Analysis

max time kernel
91s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:00

Target

b31f92bea48345ef127b32ea74287a8dd299de0a70ac9d6a0218475834453b53.dll
Size

36KB
MD5

9d0273d6f285e1398f0c96a9632f519b
SHA1

e2118224472574ddc698686fdfb2af3f863093d7
SHA256

b31f92bea48345ef127b32ea74287a8dd299de0a70ac9d6a0218475834453b53
SHA512

4f3cba76f70ec73022fa0efec298efdc1645a5e647de1eb901ca8f0cd7351bf9bde34dfc84cfa43f73c3d8fbfeb571778dbfa0f9bbddfd6eae8e57e9a5d5e8c9
SSDEEP

768:yZnisNYEB6383nbbNcvqVpMOtJdIaC7Qf6ayb1YHiw:ywsNJ53leatUaC7Qf67b1YH

Score

1^/10

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4936	rundll32.exe
4936	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 4936	5052	rundll32.exe	81
PID 5052 wrote to memory of 4936	5052	rundll32.exe	81
PID 5052 wrote to memory of 4936	5052	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b31f92bea48345ef127b32ea74287a8dd299de0a70ac9d6a0218475834453b53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b31f92bea48345ef127b32ea74287a8dd299de0a70ac9d6a0218475834453b53.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4936