168ef5c5f554a085bf541f3d950004cab194a7a2f4e75da6065c1429d5bc4c92

Analysis

max time kernel
67s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
29/04/2024, 18:57

Target

168ef5c5f554a085bf541f3d950004cab194a7a2f4e75da6065c1429d5bc4c92.dll
Size

6KB
MD5

b392ae888b9988c066b7b1fca97866e0
SHA1

4bfb5960dbfda406d89f10767daea773ccf0d88b
SHA256

168ef5c5f554a085bf541f3d950004cab194a7a2f4e75da6065c1429d5bc4c92
SHA512

d0d3908760d2f25426af50b212edd366b1ea642ee007a57fa142094e5a183a372134c944b2a7fb8d3d62e4079ac20894b1eae6c401208460b1135bec4e37a542
SSDEEP

96:hy859x0P8MaKVNM2oPZZQRSDxtzDDI9SCyxd9iS5WmVoxjqi6:F5oLVVNMRP/Qs/k5TGa5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 4564	3700	rundll32.exe	85
PID 3700 wrote to memory of 4564	3700	rundll32.exe	85
PID 3700 wrote to memory of 4564	3700	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\168ef5c5f554a085bf541f3d950004cab194a7a2f4e75da6065c1429d5bc4c92.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\168ef5c5f554a085bf541f3d950004cab194a7a2f4e75da6065c1429d5bc4c92.dll,#1
  2⤵
  PID:4564