59970c992163d601cc5e224195a9b8bf026451512216dae15560619c8011f075

Analysis

max time kernel
91s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
14-02-2024 07:07

Target

9b126cdd7faa3beea1be08ecb09f0a89.dll
Size

216KB
MD5

9b126cdd7faa3beea1be08ecb09f0a89
SHA1

6c3e610fd59765003eb2f342c8b858158e892420
SHA256

59970c992163d601cc5e224195a9b8bf026451512216dae15560619c8011f075
SHA512

c03a4f74d2772e49d7ed30e2949dcb0f0546b6937b2d33bb8304407ba266b0b3e2231c1d0bef284611dcbc493bfdfb047b7fe9e8718bedffec679623f1e2267f
SSDEEP

6144:mRdhXfWmDHw/6Zu+dTa3tNja68YL/YP6TBTEnYztpgd:mXLw/6Zuuv6DLwP6TlgK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3308 wrote to memory of 3012	3308	rundll32.exe	71
PID 3308 wrote to memory of 3012	3308	rundll32.exe	71
PID 3308 wrote to memory of 3012	3308	rundll32.exe	71

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b126cdd7faa3beea1be08ecb09f0a89.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3308
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b126cdd7faa3beea1be08ecb09f0a89.dll,#1
  2⤵
  PID:3012