b5e3f92898f99b477b299d5586be81ed934b26f41bb07035067357089cc1cd25

Resubmissions

29/04/2024, 12:06 UTC

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
29/04/2024, 12:06 UTC

Target

usbaapl/usbaaplrc.dll
Size

5.8MB
MD5

1428a8b3dbf4f73b257c4a461df9b996
SHA1

0fe85ab508bd44dfb2fa9830f98de4714dfce4fa
SHA256

5ed0d8f2066dd19d5aec42c5498fdd1db9cefab4d024a1015c707dfd0cfd5b20
SHA512

916a61feb9a36872a7c1adece8933599e55b46f7d113966ec4ad2af0e2568f1a339629ec48eca10bd1e071c88171fe88292dab27ce509ceea42afbd049599cc7
SSDEEP

98304:ScVhR7NYYT1HxqakUakSocVKM7e2P5oQw1WcATUx+NPGlK/CPGQVbrLdDsS:ScVhR711xqG2NJkfyUx+ElKaPP9RDsS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2284 wrote to memory of 4828	2284	rundll32.exe	77
PID 2284 wrote to memory of 4828	2284	rundll32.exe	77
PID 2284 wrote to memory of 4828	2284	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\usbaapl\usbaaplrc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2284
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\usbaapl\usbaaplrc.dll,#1
  2⤵
  PID:4828