5ecb9d62d1bc97782d61fa5936703a182afdcf4bf9b83778d5e0df7fbc933a95

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 09:56

Target

58a157dac27842c1a3bf50a670e6d521.dll
Size

90KB
MD5

58a157dac27842c1a3bf50a670e6d521
SHA1

98ac97ece4e8884fde98154ebc43d9b22b40553a
SHA256

5ecb9d62d1bc97782d61fa5936703a182afdcf4bf9b83778d5e0df7fbc933a95
SHA512

dfef086becf5cd43dbed240feb270ee33b984651307bd9a6ccb17cda11294711a8173b3c54de6fee11de67e77e7c8d97968f98be4d0797ad19082d84bcd1af60
SSDEEP

1536:Cj65+Wq01iO2JuwHHDBbtmzaD4PcDrINB6nr8JLeUFC/h:a67BfriH1bw+kP3rfFCZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3896 wrote to memory of 4796	3896	rundll32.exe	89
PID 3896 wrote to memory of 4796	3896	rundll32.exe	89
PID 3896 wrote to memory of 4796	3896	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58a157dac27842c1a3bf50a670e6d521.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3896
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58a157dac27842c1a3bf50a670e6d521.dll,#1
  2⤵
  PID:4796