2badc4d22aa31a936d9a0eca5d316fbdda0cfd46f6980c146fe5a729107e0995

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
07/01/2024, 16:22

Target

4977e0389f104ba95a588d3584a117ec.dll
Size

4KB
MD5

4977e0389f104ba95a588d3584a117ec
SHA1

447a521e062eebbdfc6c7550099dd97ecfd3c3e6
SHA256

2badc4d22aa31a936d9a0eca5d316fbdda0cfd46f6980c146fe5a729107e0995
SHA512

1f72c35669557941c4aa64b4bfbbac555b67da46f3ed9f22e818390988d9d6a90172c0c7ad9576a93ce30e9fb69281a725df4a3036419e6ac7f753a667a583d9
SSDEEP

48:a5z4K+cmATmRYoRZCTJzJ8l/QKKMsCkykd30eZL78C450F:MTWnRZ0lJ+Xbfkdzh8C45q

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 4700	1552	rundll32.exe	84
PID 1552 wrote to memory of 4700	1552	rundll32.exe	84
PID 1552 wrote to memory of 4700	1552	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4977e0389f104ba95a588d3584a117ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4977e0389f104ba95a588d3584a117ec.dll,#1
  2⤵
  PID:4700