e1a876852a42d221b5bb7a2d934e50c31d2006f9df258dab589b0078cc6c63f3

Analysis

max time kernel
144s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
18-04-2024 19:55

Target

x86/AdguardNetLib.dll
Size

153KB
MD5

9764179c72a035e6ccc29680545fead1
SHA1

045427470197282e40866ca68abf2309d1db07ba
SHA256

455d8b058331f3db8233c7c6823985163a82e3cebb26cac46c3838fcbf7efa86
SHA512

2305f28629d61ca03849388b5e11a7e90838b167188dad0c5f7859510a50c6ac4348f06c6dabcc231a4266c216d917cbcadb55b6d40e540115bd1fc6e058e0d9
SSDEEP

3072:EuaQTk1wgCa7uW+Y+IJE+edVtDvIDBJF0EDQns6fvC9cjo2iwJtsykZHqxO34aGo:wnCa7uW+Y+IJE+edVtbIDBJF0Ecns6yj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 380 wrote to memory of 2360	380	rundll32.exe	rundll32.exe
PID 380 wrote to memory of 2360	380	rundll32.exe	rundll32.exe
PID 380 wrote to memory of 2360	380	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\AdguardNetLib.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\x86\AdguardNetLib.dll,#1
  2⤵
  PID:2360