b729d61e934266063f1bd0913630e7f3b67032ff03b521e3fde8d10292f105d2

Analysis

max time kernel
141s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20-12-2023 10:26

Target

b729d61e934266063f1bd0913630e7f3b67032ff03b521e3fde8d10292f105d2.dll
Size

441KB
MD5

97d09d1129c862a6a2be44589e33ccca
SHA1

5e5f39e87d2289fe8969d2d4b6d88c944e6ffd00
SHA256

b729d61e934266063f1bd0913630e7f3b67032ff03b521e3fde8d10292f105d2
SHA512

9963110c537ccb04f45547fe90191b18ff996d12fc93b8766ba31f6d99b1aa1dfad162a47f8131506f9020ad85696ffcb684b8a85372c7ff7340c9b5349b2f18
SSDEEP

6144:7ZOVCWiOlaUOz3kuFv0t79WaJkwmdwk1JTmgBLeBe5OV4W/Xbz:lOVfivk6v0t7W1oEot

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 1364	4668	rundll32.exe	86
PID 4668 wrote to memory of 1364	4668	rundll32.exe	86
PID 4668 wrote to memory of 1364	4668	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b729d61e934266063f1bd0913630e7f3b67032ff03b521e3fde8d10292f105d2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b729d61e934266063f1bd0913630e7f3b67032ff03b521e3fde8d10292f105d2.dll,#1
  2⤵
  PID:1364