b4e1a92e7844fe03723dbd00b73f1a1fe2d860fef4de2068a9d5f6c8414e6445

Analysis

max time kernel
140s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 02:15

Target

7be287bc8db27130958c095050b610cb.dll
Size

73KB
MD5

7be287bc8db27130958c095050b610cb
SHA1

339158819406e96ab96e1f869e52e955f179aad9
SHA256

b4e1a92e7844fe03723dbd00b73f1a1fe2d860fef4de2068a9d5f6c8414e6445
SHA512

ce82960def0eb6aa4ee90bec94f2b5396ca4743c976a80695abad9178cef5e06330143ab86b29115b0649c525f450a0d8162f27ef1f6e316b03d6d85b39050fd
SSDEEP

1536:qRQtfuQCsB9wSuiR07ytBJtUIyAKea9EhipPlGi7H:ukm+GdiR07ytxhg9Ehu9GiD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4708 wrote to memory of 4368	4708	rundll32.exe	85
PID 4708 wrote to memory of 4368	4708	rundll32.exe	85
PID 4708 wrote to memory of 4368	4708	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7be287bc8db27130958c095050b610cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7be287bc8db27130958c095050b610cb.dll,#1
  2⤵
  PID:4368