1ff5f78d75ce4a1d3d8b704b8a0614ec7d7c6a5d694974ed405bd1e38500946e

Analysis

max time kernel
134s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 12:03

Target

UIRibbon.dll
Size

3.2MB
MD5

d0eb1a75af6a7539f2a8b55c360b54d5
SHA1

a7cf714df7eeed049358be6480f4955ec1a0dc5f
SHA256

1ff5f78d75ce4a1d3d8b704b8a0614ec7d7c6a5d694974ed405bd1e38500946e
SHA512

492401e5f287efdf0fcc87055a7a36ffea2dd5a907b10d91128b79c042bfffd736da349ac797ead2fade8174a67ecc1cb8071794df4300c945c07b8a377a9da0
SSDEEP

49152:DIvlmpXmydKzTKhLJdbRKfe50X/duvPRcv88NmwEdzdYXIL8Wb+boCVKSBWT2:0oIcJXYe50Xl8Cv88nedlL8Wb+bbu2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 4900	404	rundll32.exe	83
PID 404 wrote to memory of 4900	404	rundll32.exe	83
PID 404 wrote to memory of 4900	404	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\UIRibbon.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\UIRibbon.dll,#1
  2⤵
  PID:4900