28ac4716072f1a0ebc0bacd71e614d8cb12090909e428c39c163d9437b472f7b

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 23:51

Target

b5f939ef8397b5420bb42f8dcc447c0b.dll
Size

48KB
MD5

b5f939ef8397b5420bb42f8dcc447c0b
SHA1

7f298ec8f075240a89ef2409f9611d2f256284a2
SHA256

28ac4716072f1a0ebc0bacd71e614d8cb12090909e428c39c163d9437b472f7b
SHA512

0332595abe5844bf92554edc349df52711e8fff769556d4e3858a582bcec137c886e8cf88a1dfc6afeecfd642f042c698e6615bed4fa0f793c7293fd5820916f
SSDEEP

768:0qkfZv+byUznO3H4pO2766xu38WDa5hqFUBi1DHslKb84Ytp2ZkdoIPq4p6m:al3UQH4pJcgHqFxtxoBwwoIPq4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 4084	1124	rundll32.exe	90
PID 1124 wrote to memory of 4084	1124	rundll32.exe	90
PID 1124 wrote to memory of 4084	1124	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5f939ef8397b5420bb42f8dcc447c0b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b5f939ef8397b5420bb42f8dcc447c0b.dll,#1
  2⤵
  PID:4084

memory/4084-1-0x000000006A300000-0x000000006A30F000-memory.dmp

Filesize
60KB

Download
memory/4084-2-0x0000000000EC0000-0x0000000000FC0000-memory.dmp

Filesize
1024KB

Download