054516ec9653a0216348890d953c7367e441ec56311163ffac63b5c849237afd

Analysis

max time kernel
53s
max time network
61s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
22-06-2023 12:55

Target

libavdecoder.dll
Size

53KB
MD5

17b71bbb807e67a05b61a52ae5aff2b3
SHA1

9a19910ba6617d495fd333622829c4579881ed01
SHA256

f47c6f9fcd7eabffee074656a3dfea37f98f585aaf03f83a50922fc15258f1ef
SHA512

fe77fb06c22fb8320d79a2e36fde6dd0e93be5b98f8f6057eadbc9d6c5cee1762a2ce697be212100d17c4cea35072762b14fa32ca0a2b5da4189fc4e5d1ebed8
SSDEEP

768:AU/5uidbZtCRsk+CyciOS+KI0OmgUwwNcP3NLB3B9YvDPL/Y/Ty/EiU3qlm6W6ex:fIid3CRKX2wXMEhxOfwo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4756 wrote to memory of 4764	4756	rundll32.exe	78
PID 4756 wrote to memory of 4764	4756	rundll32.exe	78
PID 4756 wrote to memory of 4764	4756	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libavdecoder.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libavdecoder.dll,#1
  2⤵
  PID:4764