52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8

Analysis

max time kernel
130s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
26/06/2024, 01:15

Target

52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll
Size

1.2MB
MD5

3855937691751cf581110df9531fe6a1
SHA1

ce9b28416aa86c14e17705dd58835bf721a83980
SHA256

52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8
SHA512

842d00f089906f86bcfcc2eae0de8bacebb8f0938d862e5abfa31dfbdc5e0156a8e3c85fd8bf62904e3daa011e1e4735de8ec4d4d3df188ce791bffe8006df62
SSDEEP

24576:cL3ABX9LWEwCwSW5w3RJPVddDmv80DrvXRugee1yqqK7Ou1klAvAUY17:ce0vwhJMvL/Juqce+kY1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 940 wrote to memory of 968	940	rundll32.exe	82
PID 940 wrote to memory of 968	940	rundll32.exe	82
PID 940 wrote to memory of 968	940	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:940
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\52e8a939e2ab6eb54760c70038c27bdc249616cc9dd91f22a2027e228554edc8.dll,#1
  2⤵
  PID:968