bb6661c2b8e9c437feaf538dd5140abd4387debc5b2feeef445ef8a50538bfb1

Analysis

max time kernel
151s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 05:48

Target

bb6661c2b8e9c437feaf538dd5140abd4387debc5b2feeef445ef8a50538bfb1.dll
Size

92KB
MD5

4b5926bf73cbf4cf1f778dea288679d1
SHA1

a538ec4e75e722d7fdfd2c406bc884d3b6850ecb
SHA256

bb6661c2b8e9c437feaf538dd5140abd4387debc5b2feeef445ef8a50538bfb1
SHA512

198d491986af00642fd178f7df8f14c679d131c04efca03d495c49e11bd44065c3848cc10876a9b9bdccc2ea7b7a002f536249353f20b82c66b37e3274cf6485
SSDEEP

1536:7e7sTu5lV63OyslEw35+gKDBT9DOcNIHTRToBw+b5LuAj:7rTu5KOlEs+gKDBT9DO1HJoBwAl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2600 wrote to memory of 768	2600	rundll32.exe	83
PID 2600 wrote to memory of 768	2600	rundll32.exe	83
PID 2600 wrote to memory of 768	2600	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb6661c2b8e9c437feaf538dd5140abd4387debc5b2feeef445ef8a50538bfb1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bb6661c2b8e9c437feaf538dd5140abd4387debc5b2feeef445ef8a50538bfb1.dll,#1
  2⤵
  PID:768

memory/768-133-0x00000000009C0000-0x00000000009CA000-memory.dmp

Filesize
40KB

Download
memory/768-135-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download
memory/768-137-0x00000000009C0000-0x00000000009CA000-memory.dmp

Filesize
40KB

Download
memory/768-138-0x00000000009C0000-0x00000000009CA000-memory.dmp

Filesize
40KB

Download