5f837af331a09a01f47e6b00628d4cc4f2936713940e709f1d885ab3a0f35076

Analysis

max time kernel
88s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 12:49

Target

7a4cb33f3acdc9c2ff16cc82a76355df.dll
Size

84KB
MD5

7a4cb33f3acdc9c2ff16cc82a76355df
SHA1

152114afc119d14b029fb07975fea9ddf0ccfdf8
SHA256

5f837af331a09a01f47e6b00628d4cc4f2936713940e709f1d885ab3a0f35076
SHA512

e2d4d6f3b79435c67697b4bb72fcabbf186c6a5453b4b2ed75eecef7c5f8a71c2ab73dbb3b05849f76e52335d357131541c6774ca2497cc6e1664a1ee6c83003
SSDEEP

1536:CE/S54KsMeS+5bCLNok1Ri64uUlJIdqFruT4nchSyelV8oV:CE6veSsbC2yCIdqFruT4n2jelGW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 1748	5008	rundll32.exe	49
PID 5008 wrote to memory of 1748	5008	rundll32.exe	49
PID 5008 wrote to memory of 1748	5008	rundll32.exe	49

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a4cb33f3acdc9c2ff16cc82a76355df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a4cb33f3acdc9c2ff16cc82a76355df.dll,#1
  2⤵
  PID:1748