bfbe07ed903d820af2c9fa0cc2caaa3986855ad818956746d047596f5cc1dc17

Analysis

max time kernel
182s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
07/12/2022, 03:24

Target

bfbe07ed903d820af2c9fa0cc2caaa3986855ad818956746d047596f5cc1dc17.dll
Size

367KB
MD5

2047be3e737144fa13421b7c3de2ef60
SHA1

258afcbef4c4d2e6768baa533cb3b7c06c75d09a
SHA256

bfbe07ed903d820af2c9fa0cc2caaa3986855ad818956746d047596f5cc1dc17
SHA512

bd44c571b5e1c3a010e15105cd2c77a2d0f71a0c9e814970a7a90e016d9ccc97294d544ffc42c7aec4ab6ada88fba473cfdd8e9d738d72588ab7bcbec02b7653
SSDEEP

6144:lVHh/qZMKxSNODhDXaG6t+EdaCBIAfQY/6ozNBemAiD1ivwhOL6iRaZKKeQvt:lVBSf6O0GA0CBIAYYJ/emAipomiRg5V

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 528 wrote to memory of 452	528	rundll32.exe	82
PID 528 wrote to memory of 452	528	rundll32.exe	82
PID 528 wrote to memory of 452	528	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfbe07ed903d820af2c9fa0cc2caaa3986855ad818956746d047596f5cc1dc17.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bfbe07ed903d820af2c9fa0cc2caaa3986855ad818956746d047596f5cc1dc17.dll,#1
  2⤵
  PID:452

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 452 -ip 452
1⤵
PID:220