b38743a41b01f4403c8f3eb10d93d2e4f366fe16ee1dca959b5d56ad3a3b73a4

Analysis

max time kernel
145s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 12:13

Target

5b35c5e48768b6366fc6b013f104a16a.dll
Size

24KB
MD5

5b35c5e48768b6366fc6b013f104a16a
SHA1

9e4b9dadbbb1893a0fbeb24c0f2a80b1fa499c10
SHA256

b38743a41b01f4403c8f3eb10d93d2e4f366fe16ee1dca959b5d56ad3a3b73a4
SHA512

4bf26b59960ef37103f92d2c2e7831e57923b97f57d2f42c6ea0a91f49a64cb1156f410100bffb70de706e4add71f47e4593c1d64c35b96d045e890cb4420c1d
SSDEEP

192:U6hKBtc0pWq8XHFY50hkc4HCl0P89qTlFIlFmDcCKpct5U9ZLHyA4sHSQ0Bc:UNCTq8XlY50hkciCZqpcCKpct54HTNGe

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 3412	4804	rundll32.exe	18
PID 4804 wrote to memory of 3412	4804	rundll32.exe	18
PID 4804 wrote to memory of 3412	4804	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b35c5e48768b6366fc6b013f104a16a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b35c5e48768b6366fc6b013f104a16a.dll,#1
  2⤵
  PID:3412