4728b125c10c4679da6fc79d6fde9baf934b2db79ccccc884f729ccad780da40

Analysis

max time kernel
147s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 12:58

Target

e1b97648747f4bf9a61944015d632a45.dll
Size

7KB
MD5

e1b97648747f4bf9a61944015d632a45
SHA1

391ad2a36142a88b2502ee6157e84ca67e65ee9b
SHA256

4728b125c10c4679da6fc79d6fde9baf934b2db79ccccc884f729ccad780da40
SHA512

54bbcb3ce081eaad93a3a266716bc5c7d561bdd6586134ed3c71989e0f07970c7519cfb6475370752e1e59fee524ce5e862d4267b1f7dc0c9fa87107482594a0
SSDEEP

96:OP+RNmBuT8Cjcx9KNq01g4oq/bdAfGtw57+j01ITjTgFJywf:OGRI+cx9KE0D3dAfGa5qlv89f

Score

8^/10

Blocklisted process makes network request 5 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3404 wrote to memory of 5060	3404	rundll32.exe	86
PID 3404 wrote to memory of 5060	3404	rundll32.exe	86
PID 3404 wrote to memory of 5060	3404	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1b97648747f4bf9a61944015d632a45.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1b97648747f4bf9a61944015d632a45.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:5060