e01deac57d68a7a76fcd4247f7d8dd063f73046b77e4deae2c58194a203b9d5b

Analysis

max time kernel
91s
max time network
126s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 19:40

Target

a06b31bd249a788da3a89e372feb6901.dll
Size

44KB
MD5

a06b31bd249a788da3a89e372feb6901
SHA1

dc71def7a37fe1935152389f38193d3287a06859
SHA256

e01deac57d68a7a76fcd4247f7d8dd063f73046b77e4deae2c58194a203b9d5b
SHA512

07eaa6beedc1b170feabe8d5f277b429fe49851c98031db9d4b901a6ec3e0d44d1210ec435156371c7f1d034a5a1a5540a978dae8cf89dd060ce6aca5a41ddcc
SSDEEP

768:6BEUZXCNWT9b4jGY2wjAgqYxUd4FtBd3FuBQk53Boag6W242R:QoWT9b46zatBaGkPo6g2R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2400 wrote to memory of 2356	2400	rundll32.exe	31
PID 2400 wrote to memory of 2356	2400	rundll32.exe	31
PID 2400 wrote to memory of 2356	2400	rundll32.exe	31

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\a06b31bd249a788da3a89e372feb6901.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2400
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\a06b31bd249a788da3a89e372feb6901.dll,#1
  2⤵
  PID:2356