b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c

Analysis

max time kernel
151s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 01:58

Target

b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll
Size

118KB
MD5

67559a205b06a4a2cfae190537a6de20
SHA1

877a1e066b4419b41a58fd02f4da4c96d2e850c0
SHA256

b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c
SHA512

d355e30a9dbbc846572a5856caa0b0b84e3b91bbc66ac77fb8bee760f4723bc3acd1434b89987a7d9469aab452a687bcd3a687b5bc801025d092aab722aef584
SSDEEP

3072:+DAX6MA0YlhvNbw9OXRZcRSoLydoPfZYIBUTNo:KAXXilwQZQrLyiPRYIBko

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 2808	1276	rundll32.exe	83
PID 1276 wrote to memory of 2808	1276	rundll32.exe	83
PID 1276 wrote to memory of 2808	1276	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b34f5dc2021e308d40606987492b8e2d41a628c0ce012fb376c9f0e3da48d68c.dll,#1
  2⤵
  PID:2808