b4ed1799b29ba9d079f37294b2428eec48a424ba53c70c87cea6918a25618db6

Analysis

max time kernel
161s
max time network
167s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 00:28

Target

b4ed1799b29ba9d079f37294b2428eec48a424ba53c70c87cea6918a25618db6.dll
Size

2.1MB
MD5

0556cba6c30815fa048f1221ff8e24eb
SHA1

e4486e6b50134be0b5fe0cf18f8c31202bb06089
SHA256

b4ed1799b29ba9d079f37294b2428eec48a424ba53c70c87cea6918a25618db6
SHA512

9d698ab7930d6a1f60274059e2538ea8c1948eef56d094057bc641d7c2cc3a2bb19bdfa9f80152a365f41ba2b0cc6d071fad1c4a7e06dd76c1ab779b8de7cfd6
SSDEEP

1536:bxJl2owFJEZ6LieE6bQSACB29z3A4/2SaSdw2LjVlkpHdK0etXKqx/0w0:b9hwbC6LjEaACQB/ndrVAHg0eZKUk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 4032	3468	rundll32.exe	81
PID 3468 wrote to memory of 4032	3468	rundll32.exe	81
PID 3468 wrote to memory of 4032	3468	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4ed1799b29ba9d079f37294b2428eec48a424ba53c70c87cea6918a25618db6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4ed1799b29ba9d079f37294b2428eec48a424ba53c70c87cea6918a25618db6.dll,#1
  2⤵
  PID:4032