1ba5f45a6611debd9d1052eab88dbc0f1854cca87dd2dfbb1256ac93116578a4

Analysis

max time kernel
156s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 03:26

Target

50325ed8e8b64792d69b9feac76d6470.dll
Size

192KB
MD5

50325ed8e8b64792d69b9feac76d6470
SHA1

3b7497f6d047690a1c95293faa2d76a7b3d67cbb
SHA256

1ba5f45a6611debd9d1052eab88dbc0f1854cca87dd2dfbb1256ac93116578a4
SHA512

884fe3960e0da29137daef57fd2658e23f8fe4d420d0de89ecd8656581c9f554e000635334ce2bb52f60914cbb0fbdb9e3adc8fb0568dfa64d68ac0e0552fe07
SSDEEP

3072:FNbpOnPsGqQTruHLD7RcQxKrrdNU0VAtrOpOOWxOv4Kn7qbjx7T/Hrmq:FNbqaLD7RcukVAtSQOWcgWqbV77Lmq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1420 wrote to memory of 3384	1420	rundll32.exe	88
PID 1420 wrote to memory of 3384	1420	rundll32.exe	88
PID 1420 wrote to memory of 3384	1420	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50325ed8e8b64792d69b9feac76d6470.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1420
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50325ed8e8b64792d69b9feac76d6470.dll,#1
  2⤵
  PID:3384