b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9

Analysis

max time kernel
53s
max time network
63s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
21-06-2023 21:59

Target

b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll
Size

831KB
MD5

30ce41719a73809302d8dd6e9bb0c24c
SHA1

705191371aeb7180dfe497732900bfd8ccb69b65
SHA256

b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9
SHA512

7befcefc3fccc947c7ddecdff15d3a1cfe8330441e99b9b76c273cdd72a284011157c00a1b9b45ba6f65e03bb07927fcd41bf81c7a86c46ad100a8f6ec47dca6
SSDEEP

24576:WxIMqwpB35MKFvQCa04XHaBWBxR7txDcPjBx:uFNpBpMKFvQCR4X6BWBx

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 816 wrote to memory of 4356	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 4356	816	rundll32.exe	rundll32.exe
PID 816 wrote to memory of 4356	816	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:816

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b4c333ea21e344225e385d84762a230951b78df195ebb82263ceeb7e800504e9.dll,#1
2⤵
PID:4356

memory/4356-133-0x00000000022F0000-0x00000000027A7000-memory.dmp

Filesize
4.7MB

Download
memory/4356-134-0x00000000022F0000-0x00000000027A7000-memory.dmp

Filesize
4.7MB

Download