f2f4d4e02acc0fdec8b7ea1b644e11d389db8f749dee7f577dd7010525aae561

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06-03-2024 02:41

Target

f2f4d4e02acc0fdec8b7ea1b644e11d389db8f749dee7f577dd7010525aae561.dll
Size

6KB
MD5

e11d1884c50f9c516cd6c4f5f01165c4
SHA1

89a97c38edf2776e852f0194f0bdeadc37769edd
SHA256

f2f4d4e02acc0fdec8b7ea1b644e11d389db8f749dee7f577dd7010525aae561
SHA512

cfdd3b0434aaf34f0a811b8fbb13bb3f8848c3d6baa27df4d6a35730dbfde23d0ef325c959a7b6af16f31b166cee8968ad2486b307d1e43d1fb2f5e7b856fa72
SSDEEP

48:63mll5YVOa9VUX1iwbQWu00B+BDq9J5SH:VDa9VUX9bQWUB+FqX5SH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 2528	2796	rundll32.exe	88
PID 2796 wrote to memory of 2528	2796	rundll32.exe	88
PID 2796 wrote to memory of 2528	2796	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f4d4e02acc0fdec8b7ea1b644e11d389db8f749dee7f577dd7010525aae561.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f2f4d4e02acc0fdec8b7ea1b644e11d389db8f749dee7f577dd7010525aae561.dll,#1
  2⤵
  PID:2528