3b9afcc8bed0639482aa221be6919fdc6051ed2a4d49376835a995082db0e126

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2024, 03:46

Target

ba6ebcffcdee3a42d865dec37b3cc856.dll
Size

8KB
MD5

ba6ebcffcdee3a42d865dec37b3cc856
SHA1

b744aaafb883c8df7aff059f9b71f654f95927fe
SHA256

3b9afcc8bed0639482aa221be6919fdc6051ed2a4d49376835a995082db0e126
SHA512

70cf877fe7c2e9c63ef54657008a7ac0ee381606d3ebbe3abda93624a47ee07f45746d5f254218c59714a52707a9b03639fed1a2b6f9b8be2a2a59cf8e081946
SSDEEP

96:nPo2xDItAH5kwtO2x8sZSUiDGz8l91aPqI0R4X4pjcW5CDYY3:nZxDItAH6076uteIqI0R4ajcW5QYY3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3184 wrote to memory of 4668	3184	rundll32.exe	89
PID 3184 wrote to memory of 4668	3184	rundll32.exe	89
PID 3184 wrote to memory of 4668	3184	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6ebcffcdee3a42d865dec37b3cc856.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3184
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba6ebcffcdee3a42d865dec37b3cc856.dll,#1
  2⤵
  PID:4668