77f6d525a53891f2eaad8551d2088b9a56f9b1a3d9c89c07eee4df14220bb05e

Analysis

max time kernel
200s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2024 08:00

Target

5004690562ade9b3bcdafa783fd3630a.dll
Size

13KB
MD5

5004690562ade9b3bcdafa783fd3630a
SHA1

757d84cd2578821437f9da7a1a06e5a661f604b0
SHA256

77f6d525a53891f2eaad8551d2088b9a56f9b1a3d9c89c07eee4df14220bb05e
SHA512

a9531233e40457707bc1dbd5d12c2df006835ad95a7f770f53fafba3f6c2ebc1c0bcc75f8f666e5b21e2e71ba7a06776476aadee23e8542428ed2e4a11ea03f6
SSDEEP

192:nWBJvbCodKTfl0fnH2p7I24XopU4bWt9Z+dL+J3HtXoa2d:WbWxT+up7IxYiD+du5a

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3452 wrote to memory of 2216	3452	rundll32.exe	85
PID 3452 wrote to memory of 2216	3452	rundll32.exe	85
PID 3452 wrote to memory of 2216	3452	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5004690562ade9b3bcdafa783fd3630a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3452
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5004690562ade9b3bcdafa783fd3630a.dll,#1
  2⤵
  PID:2216