9c3d93ec4e6186bc822bffc2450945a89247b04e02df9746316d27e9d742bd35

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:52

Target

authz.dll
Size

182KB
MD5

e0badc82c7ce14887f13e726df429771
SHA1

8d774a89ec5984fbf4b380b2cdf6f30b93de6641
SHA256

9c3d93ec4e6186bc822bffc2450945a89247b04e02df9746316d27e9d742bd35
SHA512

4165cd5ac03674fb920fd1851ffec00b6febd6ebdc05086b7759c8dc98e5d687d53c092c62b7ff288cdd11649f8004575f7f3818093bf1a58a4b6ba903ff0d95
SSDEEP

3072:SavfFjc3C7bbJR6JhhQUC3YXWcy4OuFrFK3VHWO/WkDIg0/5Dra4ZKbYx:SavfFjc3C7bqJhqtu1yz5l25kEq4ZKbY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4320 wrote to memory of 2632	4320	rundll32.exe	82
PID 4320 wrote to memory of 2632	4320	rundll32.exe	82
PID 4320 wrote to memory of 2632	4320	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\authz.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4320
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\authz.dll,#1
  2⤵
  PID:2632