b8252cda603072141ff5d2b83f6ac68069774a25b86fc62e47f7275cec0f29cb

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 15:32

Target

b7c00b9ac747f027e646673c6e8c2d8c.dll
Size

47KB
MD5

b7c00b9ac747f027e646673c6e8c2d8c
SHA1

aa0ae83c4b92c07745a271bd639c22f78b4a1053
SHA256

b8252cda603072141ff5d2b83f6ac68069774a25b86fc62e47f7275cec0f29cb
SHA512

c0a62d06e9d686c83317acb0b2bd2b5b2997fad67c3aa54da482df2a2ec67417919493c32fae3b525338177a653338a6ed3ac224a671033329c40bfc5f83583d
SSDEEP

768:dmpM8peLohboGvEHATCjMAWGSH8WtFGttC7bkb5VX1Uc9MDguE2JdZFkCMqrV:daHoHuCj/W5wtt8bk5t+dO2fsi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1864 wrote to memory of 740	1864	rundll32.exe	88
PID 1864 wrote to memory of 740	1864	rundll32.exe	88
PID 1864 wrote to memory of 740	1864	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7c00b9ac747f027e646673c6e8c2d8c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b7c00b9ac747f027e646673c6e8c2d8c.dll,#1
  2⤵
  PID:740