3f8320152704377de150418a3c4c9d07d16d80a6c0d0d8f7289c22c499e33571

Analysis

max time kernel
147s
max time network
158s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
05/03/2024, 16:06

Target

platform-tools/libwinpthread-1.dll
Size

236KB
MD5

7a6db2bf9c5b67d5b9f348bd412ae785
SHA1

9f530059d8d40fa75062662aad2d7bbfc5fe5569
SHA256

7df872ef0932d56c01d6fd07a21fb8c1ec6e1872cdda1a4050034f45c1e1a22d
SHA512

e4ad314b9bc1aee6429571007829810ec7afc56bab6690527b0ef158ab931f2f4345f8cbd2f3a62d55ac9984e1a52b39a7c57e473cde7da8349ede6f6b86cacb
SSDEEP

3072:Vj0MrMmL30TuauRvw921wQ0Pim3YCgm0UcDbYCUX5YPrPOFLrDexgcQuaxtubRa0:Vjwmb0Kdpbuim3YTU8Jr95Qu8YCrd4L

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 948 wrote to memory of 1540	948	rundll32.exe	80
PID 948 wrote to memory of 1540	948	rundll32.exe	80
PID 948 wrote to memory of 1540	948	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\platform-tools\libwinpthread-1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\platform-tools\libwinpthread-1.dll,#1
  2⤵
  PID:1540