dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd

Analysis

max time kernel
186s
max time network
255s
platform
windows10-1703_x64
resource
win10-20231025-en
resource tags

arch:x64arch:x86image:win10-20231025-enlocale:en-usos:windows10-1703-x64system
submitted
15/11/2023, 13:19

Target

Protect544cd51a.dll
Size

742KB
MD5

544cd51a596619b78e9b54b70088307d
SHA1

4769ddd2dbc1dc44b758964ed0bd231b85880b65
SHA256

dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd
SHA512

f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719
SSDEEP

12288:wCMz4nuvURpZ4jR1b2Ag+dQMWCD8iN2+OeO+OeNhBBhhBBgoo+A1AW8JwkaCZ+36:wCs4uvW4jfb2K90oo+C8JwUZc0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2776 wrote to memory of 4328	2776	rundll32.exe	70
PID 2776 wrote to memory of 4328	2776	rundll32.exe	70
PID 2776 wrote to memory of 4328	2776	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2776
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll,#1
  2⤵
  PID:4328