09932e40e35ff85b5ca5686a9726805e469721f1aa1eb23b7098c0c9a1a545fa

Analysis

max time kernel
147s
max time network
11s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
06/01/2024, 08:49

Target

45ce1855535d9b08cd35aa7d0f0decbe.dll
Size

112KB
MD5

45ce1855535d9b08cd35aa7d0f0decbe
SHA1

f112fba3a2ecd50f7376df87a7bd6cca68a61ac4
SHA256

09932e40e35ff85b5ca5686a9726805e469721f1aa1eb23b7098c0c9a1a545fa
SHA512

7b4d226ba7524abd30a2bb7160d5b745007720956ea372b51d715406c3a4a189eaf0eec03318c040b4dd27e8a0dadc1502eb75d9477a2fd525bc86d66489e7fe
SSDEEP

1536:x4qsr1OtswJe8pKyH4WFWnhWXES2hNFwXc+fLVf8n+2ShrvXirPNBKYtS3:xLqxhhRFwXRfLN8n+R+rPNBKYtS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 628 wrote to memory of 1976	628	rundll32.exe	14
PID 628 wrote to memory of 1976	628	rundll32.exe	14
PID 628 wrote to memory of 1976	628	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45ce1855535d9b08cd35aa7d0f0decbe.dll,#1
1⤵
PID:1976

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\45ce1855535d9b08cd35aa7d0f0decbe.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:628