5cdcf68b4c25f459fccf0f4a99a0c4f606e54adf55989f360b36d6f11be699ec

Analysis

max time kernel
132s
max time network
129s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 22:10

Target

5cdcf68b4c25f459fccf0f4a99a0c4f606e54adf55989f360b36d6f11be699ec.dll
Size

327KB
MD5

529a2b0174aecf55be0a0421204d08ea
SHA1

e5290453b392373320d866723c39f6374c61bb57
SHA256

5cdcf68b4c25f459fccf0f4a99a0c4f606e54adf55989f360b36d6f11be699ec
SHA512

04b54e06ff496438c602ebcd3ad7f86921b9d61957676ae604de27025c8f7e4aed4877eab95c48aa3f1eeef0a1c4d2af82c69919b1422a27c3bed9ee3f9b1814
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1012 wrote to memory of 220	1012	rundll32.exe	83
PID 1012 wrote to memory of 220	1012	rundll32.exe	83
PID 1012 wrote to memory of 220	1012	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cdcf68b4c25f459fccf0f4a99a0c4f606e54adf55989f360b36d6f11be699ec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1012
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5cdcf68b4c25f459fccf0f4a99a0c4f606e54adf55989f360b36d6f11be699ec.dll,#1
  2⤵
  PID:220