b9a777587fe9dbeb78ba54a22ca3f385d9f381558c9bae127b662735ecba7fa5

Analysis

max time kernel
146s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 09:37

Target

5038217ae905d8a3642d16c627d26cd2.dll
Size

32KB
MD5

5038217ae905d8a3642d16c627d26cd2
SHA1

ac6370dc25b03d8fcbb6b0db2507890b3b896f62
SHA256

b9a777587fe9dbeb78ba54a22ca3f385d9f381558c9bae127b662735ecba7fa5
SHA512

b4c4e114c478a32b3d86a10ee74adf17535350ad5f0ec72d571be667cb640495e20970158e1676f59a28cb8d9efe9b7f5691aa02da1ba7a05f4fc6c0805d86eb
SSDEEP

768:17FFX0ogrmCSc19EkWQ75MM+li34iDzhqDFRWaXO:17F1gr0c19d75MVlhCkxRWa+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4872 wrote to memory of 2076	4872	rundll32.exe	14
PID 4872 wrote to memory of 2076	4872	rundll32.exe	14
PID 4872 wrote to memory of 2076	4872	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5038217ae905d8a3642d16c627d26cd2.dll,#1
1⤵
PID:2076

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5038217ae905d8a3642d16c627d26cd2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4872