5ae6123c50262b2a5bbe5c04ec55131b7f663a8095abbee7ada78eb3fe38cfff

Analysis

max time kernel
149s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
27-06-2024 21:55

Target

5ae6123c50262b2a5bbe5c04ec55131b7f663a8095abbee7ada78eb3fe38cfff.dll
Size

5KB
MD5

cf86c9f36bee22b0786fc1be1ac50185
SHA1

00e5840f08ebab89a22d3630a52a0bd17bd72615
SHA256

5ae6123c50262b2a5bbe5c04ec55131b7f663a8095abbee7ada78eb3fe38cfff
SHA512

3467fd812b94c6fc0fc28efbe6854f11a12802e5edbef47d08c75908e0c965aa090309db59b6c4686898e128155323f37217d3a0cac390ae703303af0f76f3ca
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqJkFwgolFJk59d6gaHTuGdb+FLZfz1llmgM:hy859x0P8MaJqj4TbR+9ZfzaP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 1016	1976	rundll32.exe	84
PID 1976 wrote to memory of 1016	1976	rundll32.exe	84
PID 1976 wrote to memory of 1016	1976	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ae6123c50262b2a5bbe5c04ec55131b7f663a8095abbee7ada78eb3fe38cfff.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5ae6123c50262b2a5bbe5c04ec55131b7f663a8095abbee7ada78eb3fe38cfff.dll,#1
  2⤵
  PID:1016