b90c0b17646be158b50a0be8ae68164a8df05c06403aa1f2684919c22a3b3688

Analysis

max time kernel
134s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12/10/2023, 11:12

Target

b90c0b17646be158b50a0be8ae68164a8df05c06403aa1f2684919c22a3b3688.dll
Size

70KB
MD5

1debb42a0a15018eb50432529fe55e2e
SHA1

7da798c45dbf68ed5d3fde8d02f619a7f8b8d4c2
SHA256

b90c0b17646be158b50a0be8ae68164a8df05c06403aa1f2684919c22a3b3688
SHA512

90c32170ca4192ed119da4a1aba00368bec7aa346ca55ebc8ad5e27ecb8e48d2aaacf18f426d82d6e555162c16bcc1521f299a03154795a469bbebefe801e5fe
SSDEEP

1536:0ppzLd1gSeJ+w30dE1UTRILnAgI9uErs9Iz0RUHm7INk:kxduSeJ+wEhFILAuEgIwRUHmk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4224 wrote to memory of 4288	4224	rundll32.exe	83
PID 4224 wrote to memory of 4288	4224	rundll32.exe	83
PID 4224 wrote to memory of 4288	4224	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90c0b17646be158b50a0be8ae68164a8df05c06403aa1f2684919c22a3b3688.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4224
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b90c0b17646be158b50a0be8ae68164a8df05c06403aa1f2684919c22a3b3688.dll,#1
  2⤵
  PID:4288