b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249

Analysis

max time kernel
90s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 02:06

Target

b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll
Size

41KB
MD5

64d714883b108f5e19ebf31d5008fcfe
SHA1

c0c0589a9544c3078e81a266a035c5b5489bccb1
SHA256

b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249
SHA512

a9839e48559b089fd3f22f562d8fd33a8cf27ae31ce8244eb8514e041b8b759739fc3f8c304a740f0052f2f0221de166b1b3ded98cee9d623e128bd6e79db526
SSDEEP

384:yWlbqr/fxQ0M9c9XNFtgHw36jYg2IIC3G974sD/77quBFdAAg+awpJKRkWXypTCv:HqbpQ0nPK6ID3Gj/7Hh2+hP6kWBJRoe

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4316 wrote to memory of 4792	4316	rundll32.exe	81
PID 4316 wrote to memory of 4792	4316	rundll32.exe	81
PID 4316 wrote to memory of 4792	4316	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4316
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b169fe4243e4ee1dafd4077eabcfb1dc22715762aad0a24927d8909c03bc4249.dll,#1
  2⤵
  PID:4792