5f5b100a8f1406f09f6f697284eca16d4cd4e083c7b69c658c067ff1277c2ee5

Analysis

max time kernel
160s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
29/11/2022, 04:26

Target

5f5b100a8f1406f09f6f697284eca16d4cd4e083c7b69c658c067ff1277c2ee5.dll
Size

5KB
MD5

90c97d4f1d82349afc5c5dc755cc1540
SHA1

74d983e01b95fd5ce306ed2b497c906ca0127961
SHA256

5f5b100a8f1406f09f6f697284eca16d4cd4e083c7b69c658c067ff1277c2ee5
SHA512

a82203e40ea53b4990b871d9d9c23b84a7dab0c4f2402f16ccb49ba8cd588a76063d58f23c14376a1a1e6e9c61400185b33a70c5d205742d6076b3944ecbdeef
SSDEEP

96:nEY2RrF1eqwi49QvbfsfaoXBAQiE9ommI13GW0:EHRh1epp9EMa2BAfB5W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2604 wrote to memory of 4056	2604	rundll32.exe	45
PID 2604 wrote to memory of 4056	2604	rundll32.exe	45
PID 2604 wrote to memory of 4056	2604	rundll32.exe	45

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f5b100a8f1406f09f6f697284eca16d4cd4e083c7b69c658c067ff1277c2ee5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2604
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5f5b100a8f1406f09f6f697284eca16d4cd4e083c7b69c658c067ff1277c2ee5.dll,#1
  2⤵
  PID:4056