5e0f2197039a605bffc0a71a98fa95530b578e9b5e9fae9c9e0d069d5ef0bf60

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:03

Target

5e0f2197039a605bffc0a71a98fa95530b578e9b5e9fae9c9e0d069d5ef0bf60.dll
Size

23KB
MD5

70190a4556d63878d5db02ec98587730
SHA1

a97e10d0e8d2846206873cb49a5c3512e35d5ece
SHA256

5e0f2197039a605bffc0a71a98fa95530b578e9b5e9fae9c9e0d069d5ef0bf60
SHA512

4cd5e13ce20753dcb27bce0b30e53034aaee5dc022ce07585e9bb47fa364f39720f142b04e9c0c75475e3994f77f0b760b900c8148904446742ddd573543d618
SSDEEP

384:3XWnChbiodmgN6X2J8fS/aXFyNbTkTjaZlShvHXE+EYeQ5RCA:Wn2brbW26fSFxXShv3E+EYoA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3512 wrote to memory of 736	3512	rundll32.exe	rundll32.exe
PID 3512 wrote to memory of 736	3512	rundll32.exe	rundll32.exe
PID 3512 wrote to memory of 736	3512	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e0f2197039a605bffc0a71a98fa95530b578e9b5e9fae9c9e0d069d5ef0bf60.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3512
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5e0f2197039a605bffc0a71a98fa95530b578e9b5e9fae9c9e0d069d5ef0bf60.dll,#1
  2⤵
  PID:736