0418a67fdc938a52a5006088571ec2761c7fd73a6c00e8727a1de575e5271edd

Analysis

max time kernel
149s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 13:03

Target

libtiff-5.dll
Size

693KB
MD5

4be6558eb13a5f552ee702c4d4de45ad
SHA1

39633e8d68c9e4c2ba2583b20f603df253dd4706
SHA256

0418a67fdc938a52a5006088571ec2761c7fd73a6c00e8727a1de575e5271edd
SHA512

c6978fdeec41db3e7d2491af6a16a0303024b86a60e42522a364d4808c598dab3c56f8fc13820a44be198f0b5c1c463d714a91ff740ddc62167a0c3a62d9284b
SSDEEP

6144:cagtCxfU4fyd9pYc38m1TpmJoH0/mRZbtYPtrKMiY/rNL1bp5hVALvpQWp9WI0XS:5fg9XTEC0AtYeMj/rNLrQpjUS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1616 wrote to memory of 1340	1616	rundll32.exe	83
PID 1616 wrote to memory of 1340	1616	rundll32.exe	83
PID 1616 wrote to memory of 1340	1616	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\libtiff-5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\libtiff-5.dll,#1
  2⤵
  PID:1340