b9077f4e7b551a6576282fd0c7b93ae36d709fc8dc515afd09f4e2a8bbfa5ddf

Analysis

max time kernel
168s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 12:51

Target

b9077f4e7b551a6576282fd0c7b93ae36d709fc8dc515afd09f4e2a8bbfa5ddf.dll
Size

2.0MB
MD5

27d938fc7ba5e7e114c5fd81cd6673d7
SHA1

ad0a0e882e63c05cd0ecf69a6437d30841ab4957
SHA256

b9077f4e7b551a6576282fd0c7b93ae36d709fc8dc515afd09f4e2a8bbfa5ddf
SHA512

5f66231b64f0915c4599e89ddddbb9dcf0f11ad612973f253ebc4461a5af01a7ab9dcaeabe80f9f66205ed6ce02a587f391b9bfc4eaad6535c601e4f3ed03b7e
SSDEEP

49152:F0bxVqH+t6rw7AQ9R0pKFlk2Y/gCXPvxzI:F03si+k9AKFlAE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4832	4668	rundll32.exe	85
PID 4668 wrote to memory of 4832	4668	rundll32.exe	85
PID 4668 wrote to memory of 4832	4668	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9077f4e7b551a6576282fd0c7b93ae36d709fc8dc515afd09f4e2a8bbfa5ddf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b9077f4e7b551a6576282fd0c7b93ae36d709fc8dc515afd09f4e2a8bbfa5ddf.dll,#1
  2⤵
  PID:4832