4b2e1baebfe04cb86c9690d4d5eadb7e537279caffd3738373a91e81cab7f739

Resubmissions

20-11-2023 06:45

19-11-2023 02:12

max time kernel
132s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
19-11-2023 02:12

Target

5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f.dll
Size

1.6MB
MD5

7692f2a72e44e0784d2efcc0bc14428d
SHA1

a45d24c73f7d24c256f811d180d58ad7471a7faa
SHA256

5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f
SHA512

a6181b8668606ec1571ac01052ce09456f884aeefabca85f850366a68550a810e5a3a39943cb79bf0e85fe63d2a125afaad2fb6a1bf33ffadd354b3537c7eff3
SSDEEP

24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8Z:IvZ9djrT/HLlvIYabSymLyQYGAHgO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5072 wrote to memory of 4696	5072	rundll32.exe	86
PID 5072 wrote to memory of 4696	5072	rundll32.exe	86
PID 5072 wrote to memory of 4696	5072	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5072
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e12c313a6acc3324af1a3e8edf060338b3e8432e031e4fda7d3787b5119683f.dll,#1
  2⤵
  PID:4696