f5c2db050b2cc22a162dd717a1d4d8eeb16d3396f1b30f05d2f9784d2b76fc02

Analysis

max time kernel
138s
max time network
99s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
30/04/2024, 04:35

Target

f5c2db050b2cc22a162dd717a1d4d8eeb16d3396f1b30f05d2f9784d2b76fc02.dll
Size

178KB
MD5

e75ab81460e4d7b8470cc7ef0291fdd3
SHA1

41f2487929bcaf6022a7e762601293ac4734fbf7
SHA256

f5c2db050b2cc22a162dd717a1d4d8eeb16d3396f1b30f05d2f9784d2b76fc02
SHA512

020a4f9fe4ff2d67d84d55f0c7fe1edf2d15b5e6b426a7b923dbf091513967d8b5318487fb7e3f5fb1f19cc71c0366a42fc4a1c9e10381c008f936e7bcc07174
SSDEEP

3072:Wm4YPRJSLqr5aA5u8fGsLNM4lNyq5sYpkxWcoT5oT/TQOtbpEGpiWXqxu:W5w4YUAuOGsvUJOoT/MOtbpEOL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 2960	212	rundll32.exe	85
PID 212 wrote to memory of 2960	212	rundll32.exe	85
PID 212 wrote to memory of 2960	212	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5c2db050b2cc22a162dd717a1d4d8eeb16d3396f1b30f05d2f9784d2b76fc02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f5c2db050b2cc22a162dd717a1d4d8eeb16d3396f1b30f05d2f9784d2b76fc02.dll,#1
  2⤵
  PID:2960