4bc1ba760092eb2329ef7bfcd334196e85585b5d164ec667721d01b85f947cf4

Analysis

max time kernel
152s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
05/12/2022, 11:41

Target

4bc1ba760092eb2329ef7bfcd334196e85585b5d164ec667721d01b85f947cf4.dll
Size

6KB
MD5

b3b362e90160545b85a12a596b433a80
SHA1

9160e006dd8202b687a1904f61dca7f66ee190de
SHA256

4bc1ba760092eb2329ef7bfcd334196e85585b5d164ec667721d01b85f947cf4
SHA512

467d5272dbc229d9f86848fc3564cbb2d6f58a8aaf34f7741abcdc555c95652a3cc692b4929ebcd10904160c96825da2c366e3f08fe81e6038fbc0a601763c08
SSDEEP

96:z0I9wZLrY0/kx+sNwlZ0QRBv2LMx2cXS0gBqTV:JKZjlZTRBv2ceqTV

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78
PID 3668 wrote to memory of 1668	3668	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bc1ba760092eb2329ef7bfcd334196e85585b5d164ec667721d01b85f947cf4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bc1ba760092eb2329ef7bfcd334196e85585b5d164ec667721d01b85f947cf4.dll,#1
  2⤵
  PID:1668