a53babb5abcf951b52eda63a85965d10536d3fdab960de674cbbefb751ab3273

Analysis

max time kernel
150s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 02:36

Target

a53babb5abcf951b52eda63a85965d10536d3fdab960de674cbbefb751ab3273.dll
Size

62KB
MD5

93ed143d591046aca231761a0c49d34f
SHA1

3e57c4b9a8da2ae936698598b39648221113ad90
SHA256

a53babb5abcf951b52eda63a85965d10536d3fdab960de674cbbefb751ab3273
SHA512

fa10b53cc78ee68889442c21323f9a37b043af8c5b74b48153433f1367f9b99717f7b502b8cfd611b6bdc68e13de135f6613973e0184841f3e47b78ddb3dd2e6
SSDEEP

768:IJZrSyOYemUPDBCjrlUgdXaEDZwgUEOhxVtb/py5k3r3IUogGq9dymxukg1:+1uVBCFndqEDZs5b/pvr3log99Ymkf1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 3140	2876	rundll32.exe	81
PID 2876 wrote to memory of 3140	2876	rundll32.exe	81
PID 2876 wrote to memory of 3140	2876	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a53babb5abcf951b52eda63a85965d10536d3fdab960de674cbbefb751ab3273.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a53babb5abcf951b52eda63a85965d10536d3fdab960de674cbbefb751ab3273.dll,#1
  2⤵
  PID:3140