73c68926e4fe82de212c2877a06e3f49fe3df3432bd01078f6bb35e3fc5c5889

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/02/2024, 03:12

Target

ad8a613a838597652c87ad91f466d407.dll
Size

33KB
MD5

ad8a613a838597652c87ad91f466d407
SHA1

09deabd1d8e2aff74e29d45ec25baf30274d6db0
SHA256

73c68926e4fe82de212c2877a06e3f49fe3df3432bd01078f6bb35e3fc5c5889
SHA512

d1814e6624ad5e16891ba0479f35906604d40904bfdb218a5f1dbf6106de38569256cebdb8506ba3f7bb7371ac505cccfc99a8efda0904d34b8fcb8998eaf1a8
SSDEEP

768:K2M61pGt+eC8IIklhlM7gQ/WSIUt5hnDqs6rRx3LYP5:K25LvSIIkrO7gdS1Xh2s6RxbA5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2756 wrote to memory of 4848	2756	rundll32.exe	86
PID 2756 wrote to memory of 4848	2756	rundll32.exe	86
PID 2756 wrote to memory of 4848	2756	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8a613a838597652c87ad91f466d407.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2756
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad8a613a838597652c87ad91f466d407.dll,#1
  2⤵
  PID:4848