13b1f7890e98e1d229eb3ca56f11db2d6865030f689836af418fb58d4a3f5ee1

Analysis

max time kernel
92s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
22/02/2024, 16:33

Target

13b1f7890e98e1d229eb3ca56f11db2d6865030f689836af418fb58d4a3f5ee1.dll
Size

2.5MB
MD5

f1f89f4aee44b3190ebab273fe008318
SHA1

b1e31ffe243390dbb3805ff779d2f0158f67d297
SHA256

13b1f7890e98e1d229eb3ca56f11db2d6865030f689836af418fb58d4a3f5ee1
SHA512

4869dd4206fa6a13e6f0d318ac3beb4fe9a8c6f3674b9770918e1801b0278de18bb618ecb731de0a44fa45a0250b3c17cb63411ff5ed457dafcf1c0f2027fdb3
SSDEEP

49152:mT/F11g1oq+Ofw3mCc2SEZk4fCk/XS42m+zkPCIt69EI/65d4KT47moTE0nR0F:mT911g1oq+Ofw3odH4fr/XS4sSCy69EZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 1844	760	rundll32.exe	54
PID 760 wrote to memory of 1844	760	rundll32.exe	54
PID 760 wrote to memory of 1844	760	rundll32.exe	54

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13b1f7890e98e1d229eb3ca56f11db2d6865030f689836af418fb58d4a3f5ee1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:760
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13b1f7890e98e1d229eb3ca56f11db2d6865030f689836af418fb58d4a3f5ee1.dll,#1
  2⤵
  PID:1844