b1e9d02f7d48d23e4bdf116ee1c6ce07241253080768f7554318310514d2de28

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
03/12/2022, 15:06

Target

b1e9d02f7d48d23e4bdf116ee1c6ce07241253080768f7554318310514d2de28.dll
Size

57KB
MD5

461a8b0c87adde2ccb4bbf7745fe8bad
SHA1

fc6b68fa1752b9e070ca6e2de3c30d56cb748cc9
SHA256

b1e9d02f7d48d23e4bdf116ee1c6ce07241253080768f7554318310514d2de28
SHA512

04037039fc53dd861ab26f48f9d1ab1c599abaeda29188fa51090f34e361113d9494015d43ecf27d94a90121b8c323f3b45f0e7ce91260ee82724aefed89a0bf
SSDEEP

1536:yNIKDD4YU6EMyDcqiZZZNihyISFIR6/JP+3CT:zqD4YU6ErtGNEKIpCT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 4376	4900	rundll32.exe	80
PID 4900 wrote to memory of 4376	4900	rundll32.exe	80
PID 4900 wrote to memory of 4376	4900	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1e9d02f7d48d23e4bdf116ee1c6ce07241253080768f7554318310514d2de28.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1e9d02f7d48d23e4bdf116ee1c6ce07241253080768f7554318310514d2de28.dll,#1
  2⤵
  PID:4376