42a0a77d26cf2e15e0273fdf7dcc749b8777801c913ed559660ecf99b02a51e7

Analysis

max time kernel
150s
max time network
163s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 06:31

Target

59bcf3ffb7bb646d5daf4717886e0e53.dll
Size

156KB
MD5

59bcf3ffb7bb646d5daf4717886e0e53
SHA1

33ad373f7b25519db7924db899580abc77700d1e
SHA256

42a0a77d26cf2e15e0273fdf7dcc749b8777801c913ed559660ecf99b02a51e7
SHA512

444cc627e64380c4f7fe40051001063405468dbe2f484c7a11f11ab298f2395059edb3f89bb222d08fdcd8a8b0a47c5f18206d98a8506c4d1371bfc1ff762c6f
SSDEEP

3072:s1LE8flJGokCVARkV517lP2MbEdL8Rrpf30cIFxWSnbkbyPOUrMiPGp2G08zOlVE:7OG94517lOMEERNIFx2N2IzOlVqj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5048 wrote to memory of 2904	5048	rundll32.exe	88
PID 5048 wrote to memory of 2904	5048	rundll32.exe	88
PID 5048 wrote to memory of 2904	5048	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bcf3ffb7bb646d5daf4717886e0e53.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5048
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\59bcf3ffb7bb646d5daf4717886e0e53.dll,#1
  2⤵
  PID:2904