b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27

Analysis

max time kernel
146s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 07:52

Target

b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll
Size

359KB
MD5

3d4bf79c39faaa11489486ba2aa247b7
SHA1

15b8d466f4432d15eb916f9e7d6cc051e6f4e186
SHA256

b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27
SHA512

0c7508e078312bc3b9db4ae45ca720e9a2c2ab888b10e9a80d9e974ab46af79789770b9ed6cdd6a788bd5fb1bc423fdb358b74335fd36af2137ea609ed30892f
SSDEEP

6144:UgnZFLrVASXypQyp88zoddjo4vcVGEtcig4toN50zY6bTA/eklV5:zVAx88zoddj5c0bio26/pV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1356 wrote to memory of 1064	1356	rundll32.exe	85
PID 1356 wrote to memory of 1064	1356	rundll32.exe	85
PID 1356 wrote to memory of 1064	1356	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1356
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90675156fc4440cd6b3f0d3bb4daad1b0733d8ff5e70451227e0ef005fd7f27.dll,#1
  2⤵
  PID:1064

memory/1064-133-0x0000000010000000-0x000000001005D000-memory.dmp

Filesize
372KB

Download
memory/1064-134-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

Filesize
1024KB

Download
memory/1064-135-0x0000000002DA0000-0x0000000002EA0000-memory.dmp

Filesize
1024KB

Download