59db5f76f488af7883db9d8f87ff95f43105729083f07628c607fe9fd0f2e5c5

Analysis

max time kernel
121s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
16/11/2023, 14:44

Target

59db5f76f488af7883db9d8f87ff95f43105729083f07628c607fe9fd0f2e5c5.dll
Size

2.0MB
MD5

5337165603ae4d60d724798981e039c2
SHA1

c43de0636751e631e6e017eac9ce7f0cbca745bb
SHA256

59db5f76f488af7883db9d8f87ff95f43105729083f07628c607fe9fd0f2e5c5
SHA512

7bec523b45a2e8731a8a86722d6d0708f31439728b1b3233d510017f63132e4a37ab452dfdbb36ddd2c48d659e16173db5b362a9a530d85445fc74e7727b9e66
SSDEEP

49152:F0bxVqH+t6rw7AQ9RdkKFjk2Y/gCXPvxzK:F03si+k9cKFjAm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1364 wrote to memory of 4124	1364	rundll32.exe	54
PID 1364 wrote to memory of 4124	1364	rundll32.exe	54
PID 1364 wrote to memory of 4124	1364	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59db5f76f488af7883db9d8f87ff95f43105729083f07628c607fe9fd0f2e5c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1364
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59db5f76f488af7883db9d8f87ff95f43105729083f07628c607fe9fd0f2e5c5.dll,#1
  2⤵
  PID:4124