b0696856b7d2897f2e19653e325425cc9d20f5a21be3e26ea8807f952633b034

Analysis

max time kernel
125s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
27/12/2022, 10:15

Target

b0696856b7d2897f2e19653e325425cc9d20f5a21be3e26ea8807f952633b034.dll
Size

614KB
MD5

5a9888ee85341df244d8eabc3c5e7ec3
SHA1

43222a835277d1a5bc49a0b2d4315e878a07f7f9
SHA256

b0696856b7d2897f2e19653e325425cc9d20f5a21be3e26ea8807f952633b034
SHA512

9d3867999bd4a85e781e29f6f64b1f444cc7e1f9f2f556634cb35a38b6a358c1c67d7e5e5fb78bfce792500d971eacfa4de5649e8c5ec73f64603abe292ba64f
SSDEEP

12288:XsOCxEFm1eYYBnXFZgrvQlFMyon0KksHAPrGSe2plG:HxWIlFsArVe2a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81
PID 4656 wrote to memory of 4860	4656	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0696856b7d2897f2e19653e325425cc9d20f5a21be3e26ea8807f952633b034.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b0696856b7d2897f2e19653e325425cc9d20f5a21be3e26ea8807f952633b034.dll,#1
  2⤵
  PID:4860