d810f68813b1fc6f0350edc96df6491eca98dab3640ec6ac1db9008b5e3fef11

Analysis

max time kernel
138s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2024 15:57

Target

d810f68813b1fc6f0350edc96df6491eca98dab3640ec6ac1db9008b5e3fef11.dll
Size

179KB
MD5

0b4a60256d23a4dfdc8533e1b22f91fa
SHA1

491098b31eff0b9eb28581b63ef3f1ad78d3e561
SHA256

d810f68813b1fc6f0350edc96df6491eca98dab3640ec6ac1db9008b5e3fef11
SHA512

a52134c3a241ad4a1883a539d4462d3f27ce4fc235b3ca6cee59ebf5bce0e7c2e76b55a9003075cc4aec56526a5878d0322f978b0ec2f129a3ae1241256880f3
SSDEEP

3072:Ug7ZE04kfMdgaC9pkEb6SU0fBhJQL0SdxVuLJa8YrjKCdPg:Ug7frf8ckERvQD7VisXd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3764 wrote to memory of 4636	3764	rundll32.exe	91
PID 3764 wrote to memory of 4636	3764	rundll32.exe	91
PID 3764 wrote to memory of 4636	3764	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\d810f68813b1fc6f0350edc96df6491eca98dab3640ec6ac1db9008b5e3fef11.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\d810f68813b1fc6f0350edc96df6491eca98dab3640ec6ac1db9008b5e3fef11.dll,#1
  2⤵
  PID:4636