b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590

Analysis

max time kernel
97s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
04-05-2023 10:39

Target

b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll
Size

220KB
MD5

33b67fc18f5cd5fffb39fb4911ea3931
SHA1

615dfe703858cdf566edd8f0a0d59a9a9ff20af4
SHA256

b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590
SHA512

841657c9d76ed12bc40ad012862f84b1c3a1915c3b27e7665512dc361ed9ad63b79ebed11921bebe4952b03f1233b866438afaef2fdc66b50fa0b544cfca69d4
SSDEEP

6144:tIIIIpzEtV8k+diK2+cEyecpAOGwvjECH:Lc8k+8KpfyFpMw7ECH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2000	2160	rundll32.exe	84
PID 2160 wrote to memory of 2000	2160	rundll32.exe	84
PID 2160 wrote to memory of 2000	2160	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5a399bbed8358f6052991b234b83201c9697afd28a5e7f8d7bc471fd64c4590.dll,#1
  2⤵
  PID:2000