77eff4497232562eeb1862f97d484777202e8ac42c411093a821234045ee61a5

Analysis

max time kernel
123s
max time network
202s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 15:53

Target

bin_win32/libpng16-16.dll
Size

194KB
MD5

c156897a9c8616877d199cab89fcd42b
SHA1

35c1cfb564953f2d5ad2d5e698b679221add1b5e
SHA256

71dbd2b080df373b24b869900b96036fa3dd5b0295f5b074e8b27052d73c2794
SHA512

8ede8d33a3cd8de16062812bfaf0d58de2b7ae28e529cf18487e34b4f20a44cf6451cc104d4065a35dd77e66513c1bc3697344844e38f308a874d14bd310c5b6
SSDEEP

3072:4OoYgtu75HrlAHFP10N4fSDIQ5seLg5X2IFy+lYnvlBwp+niILtf:BoJyZiCDIYsigUIFy+lYvzK+niEf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3268 wrote to memory of 3220	3268	rundll32.exe	89
PID 3268 wrote to memory of 3220	3268	rundll32.exe	89
PID 3268 wrote to memory of 3220	3268	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin_win32\libpng16-16.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bin_win32\libpng16-16.dll,#1
  2⤵
  PID:3220