b02da5bbe22bc602968a3993c4e0ffbdfe49c72c13299950e83dfbe46dbbe2b1

Analysis

max time kernel
245s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06/12/2022, 17:58

Target

b02da5bbe22bc602968a3993c4e0ffbdfe49c72c13299950e83dfbe46dbbe2b1.dll
Size

25KB
MD5

efe2e62ab477525c56ce0b683ce55cec
SHA1

b0569d60f9e84e6249c9fe5bee25a53a146ff706
SHA256

b02da5bbe22bc602968a3993c4e0ffbdfe49c72c13299950e83dfbe46dbbe2b1
SHA512

1324fbc13e49d32d87570d4be3af88dfa5ebc8183c77927fc0c55aefa0f6f46f2210766ea3fe7a0286f280cfb3ef56748366bb7fdebc0d365d31c02bef8fa453
SSDEEP

384:OTgxz0CZwDqd+1NbQKI73cDDr5tCz19RZ4/kOHcCRKqZ0tXAzXgEANkU3:6lCZiqdSVQv7MD35tCz1QRc+w7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2052 wrote to memory of 3056	2052	rundll32.exe	82
PID 2052 wrote to memory of 3056	2052	rundll32.exe	82
PID 2052 wrote to memory of 3056	2052	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b02da5bbe22bc602968a3993c4e0ffbdfe49c72c13299950e83dfbe46dbbe2b1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b02da5bbe22bc602968a3993c4e0ffbdfe49c72c13299950e83dfbe46dbbe2b1.dll,#1
  2⤵
  PID:3056