7119410516a64fd3f9708fef787c79dfbee855dc2d7910eeff34f3cf9e32e930

Analysis

max time kernel
89s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 11:45

Target

9b963aa49ed3cf2117b9eebba44be229.dll
Size

77KB
MD5

9b963aa49ed3cf2117b9eebba44be229
SHA1

dd1d1bfa9cd60c2406817aa560706b8221f40f43
SHA256

7119410516a64fd3f9708fef787c79dfbee855dc2d7910eeff34f3cf9e32e930
SHA512

276968fe42db5a5cae227adb183b65ade9ae913aaf6d725d2956d835bbb0d014e62cb7e7cc71296a61ac344b62be8f7e07adfbf0d88f0152a48f6637f1b24afa
SSDEEP

1536:64Cqv5D/IW4YIR+uXmFFnToIfMtei0/++++++++++++++++++++++++++++e+++3:6bm5DSYDuXmFtTBfMtei0vNDzw5Ma6Pn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3108 wrote to memory of 2092	3108	rundll32.exe	64
PID 3108 wrote to memory of 2092	3108	rundll32.exe	64
PID 3108 wrote to memory of 2092	3108	rundll32.exe	64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b963aa49ed3cf2117b9eebba44be229.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b963aa49ed3cf2117b9eebba44be229.dll,#1
  2⤵
  PID:2092