e5db7dafb8b3ea3403cab6db5fd1f0fae893554b8d40ab7202de43014b5644f3

Analysis

max time kernel
91s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/02/2024, 22:46

Target

9a1cb57cf273e41727d83b5987e04e38.dll
Size

101KB
MD5

9a1cb57cf273e41727d83b5987e04e38
SHA1

bf6022812d4fcc6f1575e3d52e179b1e98ad9b2b
SHA256

e5db7dafb8b3ea3403cab6db5fd1f0fae893554b8d40ab7202de43014b5644f3
SHA512

e3de7feb5950ad4f3cbde29fe323dc92b920c8f455d6be9afbb90ea36f3828ba4b4712a4ed639a1f1f39f5c236c5100d5ca2948008b163b28521b27efd9eb4f4
SSDEEP

1536:KsWGHeLBAjdqPd0xnhBbgA6UBeiFT0TpGAxaiU78bbClHrTYdMPKpvy4mZEnDQ50:FWHokOVheHoyXU78bbClnfmy4mZa0qP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4060 wrote to memory of 3424	4060	rundll32.exe	83
PID 4060 wrote to memory of 3424	4060	rundll32.exe	83
PID 4060 wrote to memory of 3424	4060	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a1cb57cf273e41727d83b5987e04e38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9a1cb57cf273e41727d83b5987e04e38.dll,#1
  2⤵
  PID:3424