b5345ea824db299c8a853545861c93675a25e8774710eed1a4e58ebff497e684

Analysis

max time kernel
56s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11-10-2023 09:02

Target

b5345ea824db299c8a853545861c93675a25e8774710eed1a4e58ebff497e684.dll
Size

2.0MB
MD5

0ca731b6228ea0447111448cea1910af
SHA1

ad3ba3c2c21d80a99522ce3fb42d16a25db68b7b
SHA256

b5345ea824db299c8a853545861c93675a25e8774710eed1a4e58ebff497e684
SHA512

6813976f75f426d91098e6394a2f7ed9f2b0f7acbc374c02909664b31857f0fc3d82d3b294cd0869a56732159ac73578febc1fece0228cf24d10404c04d3bec7
SSDEEP

24576:YSdgnW4B3ICkLK9QZt0LKd939n7/f78q7hbV+COsmKF5mbNM9c7XcWTW29ROevzd:Dgb3Ie9QZt0M5Vjx2KFXcrrF9ROevzhr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4924 wrote to memory of 4448	4924	rundll32.exe	86
PID 4924 wrote to memory of 4448	4924	rundll32.exe	86
PID 4924 wrote to memory of 4448	4924	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5345ea824db299c8a853545861c93675a25e8774710eed1a4e58ebff497e684.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5345ea824db299c8a853545861c93675a25e8774710eed1a4e58ebff497e684.dll,#1
  2⤵
  PID:4448