28b65311a5a3266c913899f263a2443bf5196fd001da6cd1ada88ff7e5918499

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27-03-2024 18:34

Target

28b65311a5a3266c913899f263a2443bf5196fd001da6cd1ada88ff7e5918499.dll
Size

92KB
MD5

a05873470aad80dc5cf630f3ecda31fe
SHA1

c2058f20794d3271feef489628d86f804d1850ad
SHA256

28b65311a5a3266c913899f263a2443bf5196fd001da6cd1ada88ff7e5918499
SHA512

c34b65c14813d8c0ccbc62b3d3319703a9a8394dbc48304d0c760b931f4ef7a69b7ff4b50288d23c527d02dda0614298cfc7ef9a3df85ec5b3e769cc46f4c58a
SSDEEP

1536:gchlExKuQmrYHwGbR6gU2Xaaz9eniSsmwPqVgJnNRnk5AWD:3hlEvRw8Yaa5egCGJN9k5A

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 1072	3556	rundll32.exe	86
PID 3556 wrote to memory of 1072	3556	rundll32.exe	86
PID 3556 wrote to memory of 1072	3556	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b65311a5a3266c913899f263a2443bf5196fd001da6cd1ada88ff7e5918499.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\28b65311a5a3266c913899f263a2443bf5196fd001da6cd1ada88ff7e5918499.dll,#1
  2⤵
  PID:1072