5046fb1a7ccfa90426d1b172f8139ebc676ce89c9c8b653cc7946b768feff88d

Analysis

max time kernel
92s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
19/02/2024, 11:36

Target

5046fb1a7ccfa90426d1b172f8139ebc676ce89c9c8b653cc7946b768feff88d.dll
Size

1.2MB
MD5

562dc938fce2b005b670b90898380286
SHA1

b1b5bf2dc428c843e2e6e12b36f02bc156f0ebb0
SHA256

5046fb1a7ccfa90426d1b172f8139ebc676ce89c9c8b653cc7946b768feff88d
SHA512

2d5156e7f0fe03f62f016262190b75f73cdf3ebfa2fc90843e8c1f614721a3e674972f93f297ebbca29456b6bea93fc9b4b6c50cbb61377857727274bd4a2952
SSDEEP

24576:S1UYskQ395RZu2iT9qacGoxxpBjurmXxkzqg5KE/BPn+lo7rEH7q:tS9qacGWimXxLbIPn+lo3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1996 wrote to memory of 4276	1996	rundll32.exe	84
PID 1996 wrote to memory of 4276	1996	rundll32.exe	84
PID 1996 wrote to memory of 4276	1996	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5046fb1a7ccfa90426d1b172f8139ebc676ce89c9c8b653cc7946b768feff88d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1996
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5046fb1a7ccfa90426d1b172f8139ebc676ce89c9c8b653cc7946b768feff88d.dll,#1
  2⤵
  PID:4276