5b7a2f3d40dd613c0351d40d3ed77ccf4f37d070c4fd89ae419d4e40c35fdab1

Analysis

max time kernel
104s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
23/07/2024, 02:41

Target

524ee5b000fe6a8fdeb268f2e92925b0N.dll
Size

106KB
MD5

524ee5b000fe6a8fdeb268f2e92925b0
SHA1

399640b0568f3423902623818f6465fb1f4c84c3
SHA256

5b7a2f3d40dd613c0351d40d3ed77ccf4f37d070c4fd89ae419d4e40c35fdab1
SHA512

2e7e80c1283f0e3abe6de44364887f3714769ae7ab1dd6ce0184616f08d28097d5a358c5972f2c0c4ecd715bbbc182f824d8f2c09459fb5541a5ca2701fd0cf3
SSDEEP

3072:/JmzIbNitSzSJ3oi8qVGvrK+nqT+KDcR/PfOEaB:/1NitZYi8CGvrK+nqT+UcRnfOE

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4852 wrote to memory of 4584	4852	rundll32.exe	84
PID 4852 wrote to memory of 4584	4852	rundll32.exe	84
PID 4852 wrote to memory of 4584	4852	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\524ee5b000fe6a8fdeb268f2e92925b0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4852
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\524ee5b000fe6a8fdeb268f2e92925b0N.dll,#1
  2⤵
  PID:4584