f0f5066b82ea5f85dc13779db43a7ab3ba815ab0773ff880eef8406241eed1ab

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
22-04-2024 12:14

Target

f0f5066b82ea5f85dc13779db43a7ab3ba815ab0773ff880eef8406241eed1ab.dll
Size

130KB
MD5

c3614d2a6ee119e12f4b36011c40b18d
SHA1

0b542585390e7814d52f7b0201df11e211d9c052
SHA256

f0f5066b82ea5f85dc13779db43a7ab3ba815ab0773ff880eef8406241eed1ab
SHA512

6d3a8bff5863ad1a65c018d1a62db7c8a1b4cc869fc286f67468e2b2686aeb83d12f4cbd124d2512465e1da0d3a7630a8210781717a29ac7a2d1a3bb7492dc49
SSDEEP

3072:ABLCKzHr/MORb3+vSdumFRWNMqoBP0JUhbXQX:qLCKzHr/NRqQumFYvR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3104 wrote to memory of 412	3104	rundll32.exe	85
PID 3104 wrote to memory of 412	3104	rundll32.exe	85
PID 3104 wrote to memory of 412	3104	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0f5066b82ea5f85dc13779db43a7ab3ba815ab0773ff880eef8406241eed1ab.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f0f5066b82ea5f85dc13779db43a7ab3ba815ab0773ff880eef8406241eed1ab.dll,#1
  2⤵
  PID:412