b3b4d4807d67a5e876ff38d658c2240a6ea31a2c027c7afdd2cc181c5c827e22

Analysis

max time kernel
150s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 01:18

Target

b3b4d4807d67a5e876ff38d658c2240a6ea31a2c027c7afdd2cc181c5c827e22.dll
Size

81KB
MD5

f5bedca9915e40b6649aa41ac0afae31
SHA1

9a6b0bea42203315d121c1f521ea6dd38d01794d
SHA256

b3b4d4807d67a5e876ff38d658c2240a6ea31a2c027c7afdd2cc181c5c827e22
SHA512

10e8254bb90487e2a26dfd3798be2cfa89b8fc174aa4da410470617212946044981ba012043c30e9e4c670f3ab366531904e157dabbe757c4dd72c3b939af59a
SSDEEP

1536:Dc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+GM:Q+5oxmqAiR8+/RBkez0U+T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 656 wrote to memory of 3984	656	rundll32.exe	85
PID 656 wrote to memory of 3984	656	rundll32.exe	85
PID 656 wrote to memory of 3984	656	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3b4d4807d67a5e876ff38d658c2240a6ea31a2c027c7afdd2cc181c5c827e22.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:656
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b3b4d4807d67a5e876ff38d658c2240a6ea31a2c027c7afdd2cc181c5c827e22.dll,#1
  2⤵
  PID:3984