5c94544edf4ca868514648945f082e00f273b67e8e1460a2e686888f78a60b57

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 08:50

Target

bad5a8d2db03619c331b8af9b6d0499f.dll
Size

100KB
MD5

bad5a8d2db03619c331b8af9b6d0499f
SHA1

c56367008d64b697489dc5b4e11933080e3d5ee8
SHA256

5c94544edf4ca868514648945f082e00f273b67e8e1460a2e686888f78a60b57
SHA512

f272a74afaa12fae09911b051ab3b3a76dbb54eddaa5b4c6c9d02a6175cc2c9007ca5d1563f886adbfb74ac32901e538120a0105932047368940da7542137a75
SSDEEP

1536:dBTZgNWUIvgtwCb6BFsklt8r+P7Zz7skT6VT8oq1+Ag8OSzu52zxwU8:lgsUUGZ2H8aP7tsp/X98O0u52998

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 3584	1456	rundll32.exe	88
PID 1456 wrote to memory of 3584	1456	rundll32.exe	88
PID 1456 wrote to memory of 3584	1456	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad5a8d2db03619c331b8af9b6d0499f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bad5a8d2db03619c331b8af9b6d0499f.dll,#1
  2⤵
  PID:3584