0116f46a2c6debdab0702665632495e3d30224d61999c5d724c5ce905a879bfd

Analysis

max time kernel
134s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 12:06

Target

40d105012db6a2bcc6e3e52e8b932be0.dll
Size

60KB
MD5

40d105012db6a2bcc6e3e52e8b932be0
SHA1

6422cb639ece4a766c8ba447042adbe049f5b634
SHA256

0116f46a2c6debdab0702665632495e3d30224d61999c5d724c5ce905a879bfd
SHA512

3935abd8f8616b920e0beff7ba030868669c39ef70b2c2fee7f8097e98646deaacda4069e6e65c27f077cf1c6f7b10d4a32767559e4989793ff422614d52dc0f
SSDEEP

768:haFaksG7ZsUPSf0FPLZ58fjoBzOBr3Kj6gCuNuUV7vdBxT9FTz6J4jk1OkXe1Rrk:lksmsapPV5kRB2qgua71Bx9lzTjU9CRo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3240 wrote to memory of 3508	3240	rundll32.exe	90
PID 3240 wrote to memory of 3508	3240	rundll32.exe	90
PID 3240 wrote to memory of 3508	3240	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\40d105012db6a2bcc6e3e52e8b932be0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3240
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\40d105012db6a2bcc6e3e52e8b932be0.dll,#1
  2⤵
  PID:3508