f7bb676c2e89172fdc893b765adb989ed14be7417833eae743b7edc59dd6a48f

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 07:06

Target

775d1525f5557ac4ba54ef9c61fa3a8a.dll
Size

180KB
MD5

775d1525f5557ac4ba54ef9c61fa3a8a
SHA1

de6fdb9bbe1d9bf80a956d293d0e0eebfa345662
SHA256

f7bb676c2e89172fdc893b765adb989ed14be7417833eae743b7edc59dd6a48f
SHA512

f09a04fff9ca98f0400fb174151ceda751c41e58b242cb5b7c0150101a78bb1af4846bc76646a06c5519d6a6429122dea928d52c477b1abe0f36ba522f8a7d6f
SSDEEP

3072:DUJs5eV8cbGeOTbLz0H56hk2y+sQvVqRlkM4OAD/KLznBuB2JA2BjTjYtA:gzVdGeOTPz0gh3sQvMRlkM4RD/qzMfUh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1756 wrote to memory of 4264	1756	rundll32.exe	49
PID 1756 wrote to memory of 4264	1756	rundll32.exe	49
PID 1756 wrote to memory of 4264	1756	rundll32.exe	49

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\775d1525f5557ac4ba54ef9c61fa3a8a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\775d1525f5557ac4ba54ef9c61fa3a8a.dll,#1
  2⤵
  PID:4264