d9b5c3163af09f147c989ebeb99127ecb2d58e9cbb9ece3d8914393fe1de95cd

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
23/01/2024, 13:35

Target

d9b5c3163af09f147c989ebeb99127ecb2d58e9cbb9ece3d8914393fe1de95cd.dll
Size

2.0MB
MD5

110bea9d0e5efae189f85b033f4569f9
SHA1

aa7cadc25bf9e298f3ee3c3e1697ad4ce1a47088
SHA256

d9b5c3163af09f147c989ebeb99127ecb2d58e9cbb9ece3d8914393fe1de95cd
SHA512

0ae77b25fbe32343a5924bd27b834df0072d7932905c0dab918e8915c75a29359c04d23f5d652c955dccc26d695ed77ce75569a385475d70038a61e72cbfd963
SSDEEP

49152:UzVwIxmLjm0KeZzAZV/19G9ZS22ns9KlSTvX:U5TxoDzmV/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 2220	4716	rundll32.exe	84
PID 4716 wrote to memory of 2220	4716	rundll32.exe	84
PID 4716 wrote to memory of 2220	4716	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b5c3163af09f147c989ebeb99127ecb2d58e9cbb9ece3d8914393fe1de95cd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d9b5c3163af09f147c989ebeb99127ecb2d58e9cbb9ece3d8914393fe1de95cd.dll,#1
  2⤵
  PID:2220