fb61a6fef10b4e2f804c5275c59822e96789aafdbb84673eb9c650d085d3fac1

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
05-10-2023 18:48

Target

fb61a6fef10b4e2f804c5275c59822e96789aafdbb84673eb9c650d085d3fac1.dll
Size

2.0MB
MD5

3d2767038959d4b13f8f82f03bf98c30
SHA1

ec4515ac84f8e4bc073ea2998e04329a8ae88ecc
SHA256

fb61a6fef10b4e2f804c5275c59822e96789aafdbb84673eb9c650d085d3fac1
SHA512

a0a7073264874b55e16f5067ae25d6d1b58ed72b2d088782b7fbd001ccbb40f439c904ddc20fa43be6b8d5d409d995d562b6b2bff1dccb0fcd734e450681243e
SSDEEP

49152:4FIbdyf/vfyuEC3Gg+qlVi9/6pNMEhJL1Hvrz:QIbg/Xmg+qlVi9/6pvz

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 4332	4800	rundll32.exe	85
PID 4800 wrote to memory of 4332	4800	rundll32.exe	85
PID 4800 wrote to memory of 4332	4800	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb61a6fef10b4e2f804c5275c59822e96789aafdbb84673eb9c650d085d3fac1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fb61a6fef10b4e2f804c5275c59822e96789aafdbb84673eb9c650d085d3fac1.dll,#1
  2⤵
  PID:4332