e6a052288d115e08e1d381b1e65f1e144d7b1d7ace5c258ac9dddf18f1f0a424

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
11/01/2024, 15:25

Target

53e228153684895f5d84bad059eac346.dll
Size

199KB
MD5

53e228153684895f5d84bad059eac346
SHA1

e97d5273c220653e8207fd5e8780ff66e76dbe80
SHA256

e6a052288d115e08e1d381b1e65f1e144d7b1d7ace5c258ac9dddf18f1f0a424
SHA512

2796a17a5896d74570445c68de19304b9c63677eef600205d2b3de541af75c94088f125c91daf4852a75ccc33087c9f84f738a6784011cd5b6d2bdb740910c87
SSDEEP

3072:o8SsFWPLMXHokWsGdXEj8TCmnsZIKE5H8QGVIghC+VYk9uoaAbi7MoO04:o8SFYj/YsKKE5H0V3uk91aAbi7K04

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4184 wrote to memory of 1832	4184	rundll32.exe	64
PID 4184 wrote to memory of 1832	4184	rundll32.exe	64
PID 4184 wrote to memory of 1832	4184	rundll32.exe	64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\53e228153684895f5d84bad059eac346.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\53e228153684895f5d84bad059eac346.dll,#1
  2⤵
  PID:1832