b3127c59d300ab9d1653e169b8519008644f5e8e3f26a218ea8fb3859d709fa0

Analysis

max time kernel
151s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:10

Target

b3127c59d300ab9d1653e169b8519008644f5e8e3f26a218ea8fb3859d709fa0.dll
Size

28KB
MD5

5f076557620899155348eeaf72e13e51
SHA1

c43bfec805fee76ad228072c22ce394428518eb1
SHA256

b3127c59d300ab9d1653e169b8519008644f5e8e3f26a218ea8fb3859d709fa0
SHA512

3cdee8652bc136f308d8eeb63b201953a3958541d63015767735a59b3f166afcce43939628a1d7939c1a78d73096785a968a5bca666360bab975eebfb520bd15
SSDEEP

384:EEAHxUSSqujzEKnGQeokkVX0MxCtcQNROW7pEkKPov2kvYJM+w9mXBaAHKoM7wY:yKSSqu3E0GQIk50mCD/LJAJp8AqoMs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2224 wrote to memory of 3204	2224	rundll32.exe	81
PID 2224 wrote to memory of 3204	2224	rundll32.exe	81
PID 2224 wrote to memory of 3204	2224	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3127c59d300ab9d1653e169b8519008644f5e8e3f26a218ea8fb3859d709fa0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3127c59d300ab9d1653e169b8519008644f5e8e3f26a218ea8fb3859d709fa0.dll,#1
  2⤵
  PID:3204

memory/3204-133-0x0000000000810000-0x000000000081D000-memory.dmp

Filesize
52KB

Download