437c48af331c11bb3e3f1dea46659aa25274d605a5faaff52543f183a80dfb33

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 04:38

Target

a0f70c3522849dba6dd32d004b04a1c3.dll
Size

107KB
MD5

a0f70c3522849dba6dd32d004b04a1c3
SHA1

7103ccb3c081b1914d3135ec19e9756db2f6c87b
SHA256

437c48af331c11bb3e3f1dea46659aa25274d605a5faaff52543f183a80dfb33
SHA512

81cdcbcebe4fc45d5592508649b82de45b7bad19dd3204c28ca4ae3cdc874b5df2da09af6de72a7244c1c1a646ef4592c6e1551a2527bd1cd10cb9b0c755eeb4
SSDEEP

3072:ejwODiEAI1AWnQeHm/jBGskR99un5mr5iXkHo/:sTDLxHmbsskR99un5mrsXkI/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 32 wrote to memory of 4896	32	rundll32.exe	52
PID 32 wrote to memory of 4896	32	rundll32.exe	52
PID 32 wrote to memory of 4896	32	rundll32.exe	52

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f70c3522849dba6dd32d004b04a1c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:32
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a0f70c3522849dba6dd32d004b04a1c3.dll,#1
  2⤵
  PID:4896