6466a80a6f23a338b80efa0ba7aaad451f9e589ea61df2b3905a0fd5b3362628

Analysis

max time kernel
92s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 11:54

Target

9717c7126a803e99be4826ba2f1901f1.dll
Size

36KB
MD5

9717c7126a803e99be4826ba2f1901f1
SHA1

16200f7fa065d9df55c10b4c57ec69b1a605b0fb
SHA256

6466a80a6f23a338b80efa0ba7aaad451f9e589ea61df2b3905a0fd5b3362628
SHA512

56cfbcfcca71a29b085a426eceb426139685c95bef38e00a8966cecc336052cda5a6936560229e8810213c047517edc60f877be963988bc317289d75d0aa4656
SSDEEP

768:ZT1BNCkK5gVGxlaZql9J1oT1cIg7/fO3+a5hCDKR4plx8Mf9O:BnNCl5X/J12y5736+4QWR4pz9E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4336 wrote to memory of 3832	4336	rundll32.exe	85
PID 4336 wrote to memory of 3832	4336	rundll32.exe	85
PID 4336 wrote to memory of 3832	4336	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9717c7126a803e99be4826ba2f1901f1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9717c7126a803e99be4826ba2f1901f1.dll,#1
  2⤵
  PID:3832