5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/03/2024, 20:32

Target

5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll
Size

117KB
MD5

d39387bd2fc6fa7375965f9e484ff25b
SHA1

31da0ccf4ebc271e0b7266b9b9507bf7ab89860d
SHA256

5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc
SHA512

19369c222dc2627a3e6c0419727ecda2c26992778850b49cfa2e7af8e3c7bd2f04e8e9cbf7f51db2436ff18e40782c357610161c544e4ac47c8d7e0caa3d3553
SSDEEP

1536:Xz0072hKqtpysxpQiYibFJ+Tk9k2B+hc1jfsWjcdsh9qZrRX1q:XIvhKpsjQWFCo+IgshIZrRX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1580 wrote to memory of 2196	1580	rundll32.exe	87
PID 1580 wrote to memory of 2196	1580	rundll32.exe	87
PID 1580 wrote to memory of 2196	1580	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1580
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b52156c5693e09cf04df3d34552c6d08d6ce818b7aee6f1b29646407bc0a6dc.dll,#1
  2⤵
  PID:2196