df5679031a2151565afad9e76ddb5d6eb5e1bd1569c317f1574baa228b5b4073

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 18:09

Target

8fd01704c91a7fcdef7b222723c99042.dll
Size

42KB
MD5

8fd01704c91a7fcdef7b222723c99042
SHA1

f9d7d1719d62eaa8b99e6ef988071a043d28dfee
SHA256

df5679031a2151565afad9e76ddb5d6eb5e1bd1569c317f1574baa228b5b4073
SHA512

a34f56959cf69fdbe0dfe9fa72675ddb693cc01336fd33a045655b5aba0751028fdc10a254baac041408ffff8ebab51f133aa6efc0d1c90a7b6118be8d6862f4
SSDEEP

768:GlAqQidiEgzdbkpjhWToENNqDKt76mr7TKttBro7PpPJdTWBzRECriM5:CA/6bgzB0FENNqCFr7TKJroBLazRECt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4108 wrote to memory of 4424	4108	rundll32.exe	84
PID 4108 wrote to memory of 4424	4108	rundll32.exe	84
PID 4108 wrote to memory of 4424	4108	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd01704c91a7fcdef7b222723c99042.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fd01704c91a7fcdef7b222723c99042.dll,#1
  2⤵
  PID:4424