bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42

Analysis

max time kernel
311s
max time network
414s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/12/2022, 01:56

Target

bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll
Size

360KB
MD5

cbf7ecdb67a7d9978614c997de2a22f0
SHA1

6eada85f28ce4477e57e4446863d5ba2f4883dfa
SHA256

bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42
SHA512

38960622e00177ab101c147d5b1989ea961802a7917f16f7f14a92889ad3bba17822c461e617ef491e688f484374c4b06b198dd72f1a48391745044e11a1b551
SSDEEP

6144:TdoSityBcrECwzKPmMOSF1ck5zxwJdJnM0tt:hhOa7Cwve1c4WJMat

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3140 wrote to memory of 4764	3140	rundll32.exe	32
PID 3140 wrote to memory of 4764	3140	rundll32.exe	32
PID 3140 wrote to memory of 4764	3140	rundll32.exe	32

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3140
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bee0e28d2addb41fe32ab434f8fb3dfd0a17ffd6642ae6f711c69e49db442c42.dll,#1
  2⤵
  PID:4764

memory/4764-133-0x000000004A800000-0x000000004A85A000-memory.dmp

Filesize
360KB

Download
memory/4764-134-0x000000004A800000-0x000000004A85A000-memory.dmp

Filesize
360KB

Download