529804cf8e209aebaa8561fdca5ddd0d9d834b6c490266293380108298eac7e5

Analysis

max time kernel
92s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
08-06-2024 16:57

Target

dll/celeryuwp.dll
Size

4.2MB
MD5

b0f566fc20de341e2848a489f69a4e48
SHA1

7a81ab4c68ddeb1e0a83c37e17286ae53e29c334
SHA256

5223f453b44be5d13f5f249f1f23b020b75c7e237c23712d97813c430015afc6
SHA512

4ba8394bede49de1dd1ad98afa59e0546b5118cf6b75dcf2cc83f00fde88bda0d659944c3324d19960d935d9e29e69f8b9b08fa5d5db7f71506e13471bbcb75f
SSDEEP

49152:LikvPpFjV8b8bhnNcZXGDQc6jg8mHdnYvLyv5ttr24Y4AxYWAF7yWGxmR/qSDQey:0ZXGU7k8Ol5/24PqNmOQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 116 wrote to memory of 644	116	rundll32.exe	rundll32.exe
PID 116 wrote to memory of 644	116	rundll32.exe	rundll32.exe
PID 116 wrote to memory of 644	116	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\dll\celeryuwp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\dll\celeryuwp.dll,#1
  2⤵
  PID:644