512957474110ea9f78f83851150804eca7d1bd716fe6b60450838c14efaf2b6b

Analysis

max time kernel
90s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 18:54

Target

512957474110ea9f78f83851150804eca7d1bd716fe6b60450838c14efaf2b6b.dll
Size

190KB
MD5

e5897455d40c127318fd44cc15d073b4
SHA1

f0060f468916874bc0211173424cd50949c9097d
SHA256

512957474110ea9f78f83851150804eca7d1bd716fe6b60450838c14efaf2b6b
SHA512

e2bbb2557d7d05a372eabb4a66e198d9d2ccf25d08e61c77fbc06bc4cb64389f8e19a588cb6772a5c0426ef8b7972d1627577e2d29c7c8172f224cc6b9ec97be
SSDEEP

3072:KU/ib03IbHlaOswOWE8Voluv9Rjk0V0YOEG4r27Cw:KU/i9bHla/5WBClubjkQOEG4r27

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4632 wrote to memory of 4444	4632	rundll32.exe	29
PID 4632 wrote to memory of 4444	4632	rundll32.exe	29
PID 4632 wrote to memory of 4444	4632	rundll32.exe	29

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\512957474110ea9f78f83851150804eca7d1bd716fe6b60450838c14efaf2b6b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4632
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\512957474110ea9f78f83851150804eca7d1bd716fe6b60450838c14efaf2b6b.dll,#1
  2⤵
  PID:4444