5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
25/11/2022, 19:55

Target

5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll
Size

164KB
MD5

87bd8c5f9da3c3fe4b58a9528280f595
SHA1

ddd6cf8bb2f06892a28ddf478e1f887a095acf77
SHA256

5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2
SHA512

ab2f66ddb808deb37111345a4ac742aefc850aaac90b2e961e7269dd1b6e3600cc1b7f0f8837d3cb04bd3dbaf1d63efc15fae11ecf2eb92bac94a58595922804
SSDEEP

3072:Gev4JC9CzfHkxfM3gXfRmo3FMlcBDIPoY:rv8zfC03tgcA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2564 wrote to memory of 1964	2564	rundll32.exe	78
PID 2564 wrote to memory of 1964	2564	rundll32.exe	78
PID 2564 wrote to memory of 1964	2564	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ba26fe304a15a4b6d1fe291ae0d41ac2c50f89e703beb57a4e7b821c1fd36c2.dll,#1
  2⤵
  PID:1964