4c5a21f584e69d63b723387c62927e40fb404a1728599996ec430af49f73f1eb

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
24/11/2023, 01:03

Target

4c5a21f584e69d63b723387c62927e40fb404a1728599996ec430af49f73f1eb.dll
Size

699KB
MD5

0d7a017978af42d2f2c47f912fd79af5
SHA1

34504bdc64f3edd71d1127d6901665c207267c75
SHA256

4c5a21f584e69d63b723387c62927e40fb404a1728599996ec430af49f73f1eb
SHA512

8cafff5f09cf9497208779c70b15ef727a9cc0014de19c739aea9d62a4ebcd6ca9f77af252264049f4af83bd19f9cb481026400c9cf346baa3c97b77c102c241
SSDEEP

12288:yHo/ZMLqqVosEtF5AvoaiOb3fn8C22jOV3fMFrfPTf:N/ZMLLVG5AvoaiOb3UC22jOV3fMFrfPL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3796 wrote to memory of 1720	3796	rundll32.exe	83
PID 3796 wrote to memory of 1720	3796	rundll32.exe	83
PID 3796 wrote to memory of 1720	3796	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c5a21f584e69d63b723387c62927e40fb404a1728599996ec430af49f73f1eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c5a21f584e69d63b723387c62927e40fb404a1728599996ec430af49f73f1eb.dll,#1
  2⤵
  PID:1720