b1bfd6c16dc35f55b54e4e9917198b60ab378912e682ea2006ba5d19b740ec38

Analysis

max time kernel
258s
max time network
331s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:52

Target

b1bfd6c16dc35f55b54e4e9917198b60ab378912e682ea2006ba5d19b740ec38.dll
Size

32KB
MD5

ea9000ca422537a03a09767e7d4471d0
SHA1

678f42b4cf94cc8585263d333daf178292823fa8
SHA256

b1bfd6c16dc35f55b54e4e9917198b60ab378912e682ea2006ba5d19b740ec38
SHA512

0574d8afa07445a263aa78c97d9918d0a39dd2dde3e2b40e32599eb9da8cd508099a6df823d15bfd1f738023801f2ea0c3e6d570cf31d103175c30bbbb1274fa
SSDEEP

384:VFqL0mh9NfNryPHkx0bzSYAk8kVfO5Y4ZXXqGa/77y4gk+vjt4mt6dyRH+eAvvCD:bqLJLLEIkVf5/75L+vjGm4dA5ACRI8Dt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3988 wrote to memory of 4956	3988	rundll32.exe	80
PID 3988 wrote to memory of 4956	3988	rundll32.exe	80
PID 3988 wrote to memory of 4956	3988	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1bfd6c16dc35f55b54e4e9917198b60ab378912e682ea2006ba5d19b740ec38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3988
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b1bfd6c16dc35f55b54e4e9917198b60ab378912e682ea2006ba5d19b740ec38.dll,#1
  2⤵
  PID:4956