b094665ec4cdca6d8e9b9f63d8d71b1b9263eda12f1fdd1d8aa820dbf4c231f6

Analysis

max time kernel
148s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 20:56

Target

Build/LB3_Rundll32.dll
Size

152KB
MD5

6af251afa3468ac14d63b0ee96acf337
SHA1

b9f28640e74b50a487c71b3d866a5a9905e79077
SHA256

d146fc2a8a8be652bbaaf711d3f4861de2f859192e8e90a8d03b6ffd4bcece46
SHA512

84a5958c0d46b464f1b5e6d3164b69533ca2950aa35df4fd36bbfbf479ef780fc619904a08d2bf65835a09552f0663c8847471b565859d84b684247a4eb3fe6b
SSDEEP

3072:1T0IRcT5h98vy7aF5y9vYNahEvM1kiXo7CAyXwptXpEKAoiO3pwBmrkllnYgrwoW:1T5CTL98vy7anEvY8hEvM1kiXolyXwpp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4284 wrote to memory of 948	4284	rundll32.exe	88
PID 4284 wrote to memory of 948	4284	rundll32.exe	88
PID 4284 wrote to memory of 948	4284	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Build\LB3_Rundll32.dll,#1
  2⤵
  PID:948