7091ad455cb74b4651b71f37b542bcf12cb14d41ea1fd0e12ea53fd744c7f856

Analysis

max time kernel
166s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 03:58

Target

4f8471592abb3452062cb367d9971e74.dll
Size

44KB
MD5

4f8471592abb3452062cb367d9971e74
SHA1

a68759769ed761e0c948a58612e5ed7f7f1d7038
SHA256

7091ad455cb74b4651b71f37b542bcf12cb14d41ea1fd0e12ea53fd744c7f856
SHA512

74c1ac5b911ed7d59ec05f82a6ca13fe774b7951c7acbc8f77b2889024904ef6fc5f64b8043ad2611e7b32d5d66e94cb636aaa1a69a0d8ba685c74c9b55715e8
SSDEEP

384:58EBxmzi9/ThiISTM804TAwASKMml271SEYhhGNOyfDkw2suYoVTTU+dlMnqTRv:58E4mh5B804TA5Sj1FQhGUSF9VUT3lM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5028 wrote to memory of 4712	5028	rundll32.exe	90
PID 5028 wrote to memory of 4712	5028	rundll32.exe	90
PID 5028 wrote to memory of 4712	5028	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f8471592abb3452062cb367d9971e74.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5028
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4f8471592abb3452062cb367d9971e74.dll,#1
  2⤵
  PID:4712