fbf96b3891bd2a492c81d5a4194e240009fddbf6b7e2d291287eb9fa7af182a3

Analysis

max time kernel
137s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04-12-2022 10:35

Target

fbf96b3891bd2a492c81d5a4194e240009fddbf6b7e2d291287eb9fa7af182a3.dll
Size

18KB
MD5

8dfb8fd3f42a6bf01d212b9011f868a0
SHA1

3212790bc1407256adb255878304b42d29d102b3
SHA256

fbf96b3891bd2a492c81d5a4194e240009fddbf6b7e2d291287eb9fa7af182a3
SHA512

d3b547bf17f2b236a6161f50e3efeae2e3ca44018972133b615c35f01723b145e72a513858cdcae1943249e0e833da0237239082409c8c99aad782c5ffde81aa
SSDEEP

384:jrDKFb+tnPWjtLf8zvfIwBc0zVX+o0viOcF:DqatnPWjtLfyC0Budv7cF

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 4808	2584	rundll32.exe	83
PID 2584 wrote to memory of 4808	2584	rundll32.exe	83
PID 2584 wrote to memory of 4808	2584	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf96b3891bd2a492c81d5a4194e240009fddbf6b7e2d291287eb9fa7af182a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbf96b3891bd2a492c81d5a4194e240009fddbf6b7e2d291287eb9fa7af182a3.dll,#1
  2⤵
  PID:4808