e4d0bb804641ce95c83db355e0bad5cd84b2cc8260fc0c93ed214c228ebc374a

Analysis

max time kernel
141s
max time network
168s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 02:37

Target

005f13ab9e725cda97fffe3ad97d4e3f.dll
Size

56KB
MD5

005f13ab9e725cda97fffe3ad97d4e3f
SHA1

227652b44b60553304acacab23c4b2907c29c90b
SHA256

e4d0bb804641ce95c83db355e0bad5cd84b2cc8260fc0c93ed214c228ebc374a
SHA512

bae16c70bbaf16c8b33b4cca90f77d8d86c08fa7c6db06e9d1cc6a62b525dea6fc4bafa70a2937c856ae02018a00c6af87ded4b78d9f41336def54b8ef4d8954
SSDEEP

768:a6H3XznEFGKv5g4AyTxWqOaruIX4W2PVaIImoeaj5denMlRwrI09:nH3XXKRmyTxWqOaruIX4WWyne2CMlqD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1812 wrote to memory of 4420	1812	rundll32.exe	88
PID 1812 wrote to memory of 4420	1812	rundll32.exe	88
PID 1812 wrote to memory of 4420	1812	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\005f13ab9e725cda97fffe3ad97d4e3f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1812
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\005f13ab9e725cda97fffe3ad97d4e3f.dll,#1
  2⤵
  PID:4420