fbb193aa2abd690cc7de90294297db1ced27d24416a4acd3d987c056d8f91874

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/05/2024, 12:58

Target

fbb193aa2abd690cc7de90294297db1ced27d24416a4acd3d987c056d8f91874.dll
Size

150KB
MD5

71933cbe67b737e34a55da856a51a59e
SHA1

61c9d2a4eb29fc445603c99c7be7929905aac6e2
SHA256

fbb193aa2abd690cc7de90294297db1ced27d24416a4acd3d987c056d8f91874
SHA512

e2668933545842d052df7f7f7417b7b4d627f879dd01c72775c85f73901de1e6b08230c38ee5e77941087c69288016c6d442793074d5f0de76ac7e8240a2c3e1
SSDEEP

1536:KNtJIsLJasQN0rcGda7mh3rBP/Gc75i0YGZPERbEYl/9dq1X6Yfi:KN0spknYhNP/x10Lq1X3fi

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4864 wrote to memory of 1508	4864	rundll32.exe	81
PID 4864 wrote to memory of 1508	4864	rundll32.exe	81
PID 4864 wrote to memory of 1508	4864	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb193aa2abd690cc7de90294297db1ced27d24416a4acd3d987c056d8f91874.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fbb193aa2abd690cc7de90294297db1ced27d24416a4acd3d987c056d8f91874.dll,#1
  2⤵
  PID:1508