ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 14:35

Target

ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll
Size

164KB
MD5

bbe723936dab9bf9fd0fa11c454a58bb
SHA1

9d5568f74c5fa469357894ad6c16bb8f916ef285
SHA256

ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6
SHA512

50717ecbaafaabad36b9120677d104076ee646934b91ebb427750f11285093852cb502a16f778dea67d4432efa55c8f6550194db7b8045ebb08f79c235442b48
SSDEEP

3072:fSSUeSlj8AcWqtGxtb9mO69mfXsR/tcV:fSwSlj8Kqtiga

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3440 wrote to memory of 4092	3440	rundll32.exe	rundll32.exe
PID 3440 wrote to memory of 4092	3440	rundll32.exe	rundll32.exe
PID 3440 wrote to memory of 4092	3440	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3440

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad5c8465806dd0e49b5d12671473628e076e1744cdb9c9fa3638164778fd3ed6.dll,#1
2⤵
PID:4092