37b8420ef45e7cd6c1426388411beb301a2b2e59d8e83a68d0fcf06e4d7df6a2

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 16:13

Target

4152d00fe6e6fb2637f6207571a1eb63.dll
Size

72KB
MD5

4152d00fe6e6fb2637f6207571a1eb63
SHA1

bd433d41d04711b76084e996c5dcb753100788e8
SHA256

37b8420ef45e7cd6c1426388411beb301a2b2e59d8e83a68d0fcf06e4d7df6a2
SHA512

ced579aa67009aa30fe0b54fc8a4fcd7f0aa3b8679e65f9fc52a7fa1f020e31f23fb8d579466ce1985b4ead02275f2b7af757a18f66bf7654fcb4d9abb2449de
SSDEEP

1536:h9bCbsiv24gOona8jDZezTnr1seVJEoMJh6o+GS:h9bCbsivG37Ze2ebMJh6o+GS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2000 wrote to memory of 4280	2000	rundll32.exe	16
PID 2000 wrote to memory of 4280	2000	rundll32.exe	16
PID 2000 wrote to memory of 4280	2000	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4152d00fe6e6fb2637f6207571a1eb63.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4152d00fe6e6fb2637f6207571a1eb63.dll,#1
  2⤵
  PID:4280