f56453c9710922a4551d15c8c3ae6bc7c12ac09e344b2da10949f8200d815fd4

Analysis

max time kernel
126s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 02:05

Target

f56453c9710922a4551d15c8c3ae6bc7c12ac09e344b2da10949f8200d815fd4.dll
Size

136KB
MD5

a383ee5c0cc003159cc041fd4c720147
SHA1

58c44f394832267d0a418bc1f6a456e7db55262e
SHA256

f56453c9710922a4551d15c8c3ae6bc7c12ac09e344b2da10949f8200d815fd4
SHA512

17e89c1c7542cc90a662ba2fe9bcfd2c5fa36882a0945d763a9f573350694b412c5fcae6ab5e6118dbbf1af5de7836dee06a43ec6ad702b2dd4f216b8083d407
SSDEEP

3072:krJR4exNw2x4UBd0oA6Ux2QsTfquKFexs:odNU/sTCui

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 4520	848	rundll32.exe	84
PID 848 wrote to memory of 4520	848	rundll32.exe	84
PID 848 wrote to memory of 4520	848	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56453c9710922a4551d15c8c3ae6bc7c12ac09e344b2da10949f8200d815fd4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f56453c9710922a4551d15c8c3ae6bc7c12ac09e344b2da10949f8200d815fd4.dll,#1
  2⤵
  PID:4520