bbe839ca33929ca9647a9859d055f1530470615ca8136f9dc7651ef61a568f2b

Analysis

max time kernel
194s
max time network
208s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 07:32

Target

bbe839ca33929ca9647a9859d055f1530470615ca8136f9dc7651ef61a568f2b.dll
Size

150KB
MD5

b7e1c8972a31614b5ab427dfeeecf43f
SHA1

8204050eb0fd959612391e1ed201c17536ca2d11
SHA256

bbe839ca33929ca9647a9859d055f1530470615ca8136f9dc7651ef61a568f2b
SHA512

86e1f3f720f39506940266fafadaebfaa328a0143b839dcc65e4f9ebd7ab85352acc6345c35c142e706fc9edbb84d78cf6d88f47fce4f4456f7b4cbe2165ee50
SSDEEP

1536:R2CcI9IJkuvfZ/AuwQRD+Oux3fJl8FeMxMJNII9sCDlhlrq5tF7fDpQQCR/V9f2R:y6yxvfGQRWqejHnlD2DMJfA+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 5116	3108	rundll32.exe	82
PID 3108 wrote to memory of 5116	3108	rundll32.exe	82
PID 3108 wrote to memory of 5116	3108	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe839ca33929ca9647a9859d055f1530470615ca8136f9dc7651ef61a568f2b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bbe839ca33929ca9647a9859d055f1530470615ca8136f9dc7651ef61a568f2b.dll,#1
  2⤵
  PID:5116

memory/5116-133-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download