90f0f379b022373f9160cb42365c04fe5300e0153cadef7cc17aa6e643ded540

Analysis

max time kernel
93s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
20/12/2023, 00:26

Target

90f0f379b022373f9160cb42365c04fe5300e0153cadef7cc17aa6e643ded540.dll
Size

135KB
MD5

1d75bae0d8637d7df63c13bd53252327
SHA1

04b3aa844a0c65bb6b46e56ea4c01afb11be43d2
SHA256

90f0f379b022373f9160cb42365c04fe5300e0153cadef7cc17aa6e643ded540
SHA512

5c7a22c815c268c6986f775760070fbbac90a44b9c03758d4da65fc1bdb19ff6a6823a9e455745076d574527445eac5d1def2a2abbb6a53d822e83c84ca13cf4
SSDEEP

1536:MbrEE0yx0VbCeO0ZJa+Kd5ldUGPvqGFUdbkTYK2Uk/J/J/muiqtbAQDo:MbmLO0ZJaBdLdvqGF6+P2UkRReat/0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1204 wrote to memory of 1032	1204	rundll32.exe	57
PID 1204 wrote to memory of 1032	1204	rundll32.exe	57
PID 1204 wrote to memory of 1032	1204	rundll32.exe	57

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\90f0f379b022373f9160cb42365c04fe5300e0153cadef7cc17aa6e643ded540.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1204
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\90f0f379b022373f9160cb42365c04fe5300e0153cadef7cc17aa6e643ded540.dll,#1
  2⤵
  PID:1032