ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb

Analysis

max time kernel
122s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:02

Target

ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll
Size

5KB
MD5

5c1a32385e2b9ca5ddfb88b57703cea0
SHA1

312fc3b8f840b772942499b04fe84bf260a45d85
SHA256

ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb
SHA512

f4276f8bd5a579ab9db82c38b603d1a594962476c779d03d3fe1c54f781c724115931e437d5753d5b328e3bf631026e81e54ebb7e9a9d0540f8a78e728bfeaf3
SSDEEP

48:q0aaPO8jGSLIv+Tqq7NqrhWR07iIsitl6YtDytJFgOrnsB/SsyomXr6Smucra:1h9jTqMMrY0OI/KYyznSMeSmuj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2084 wrote to memory of 2632	2084	rundll32.exe	81
PID 2084 wrote to memory of 2632	2084	rundll32.exe	81
PID 2084 wrote to memory of 2632	2084	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba11d23002a546b3df3ac050357400fbe5769df13d5d7eb84408efd01ff7abbb.dll,#1
  2⤵
  PID:2632