115aaf8823403ae5c858e76fc8f98dc8cfd9c9766e92a87ed8b5d64ecb64da7c

Analysis

max time kernel
149s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 00:02

Target

51fc987a2fdbd70eefde9413e936204d.dll
Size

136KB
MD5

51fc987a2fdbd70eefde9413e936204d
SHA1

538999f0ee5bf4bc0a786917e5075bdd20c512c6
SHA256

115aaf8823403ae5c858e76fc8f98dc8cfd9c9766e92a87ed8b5d64ecb64da7c
SHA512

6a442dd505f8d241876a5ecaf743f39735b2e3f963392839cc83cadb99c565b2d05ee1388144bfe40ae807eb2026dfcc1dcee6ee72f85966231c494d7e5cbf77
SSDEEP

1536:bB8oI7VeNzqrh28H16pNyyDIkGkXQjC+ncb65nsWjcdKgvJTzyP/yQ:bCN7VsV7NTAW+SKgvJTuP/J

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4460 wrote to memory of 1608	4460	rundll32.exe	14
PID 4460 wrote to memory of 1608	4460	rundll32.exe	14
PID 4460 wrote to memory of 1608	4460	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51fc987a2fdbd70eefde9413e936204d.dll,#1
1⤵
PID:1608

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\51fc987a2fdbd70eefde9413e936204d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4460