3c9f70f2a643c56b57418943b13ee7adc428847b6c33bd24791675696f7c4969

Analysis

max time kernel
148s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 20:44

Target

3c9f70f2a643c56b57418943b13ee7adc428847b6c33bd24791675696f7c4969.dll
Size

18KB
MD5

58cddbb6f897d8542e382de098f1a13e
SHA1

5ebe6671b74ee7fd7706acea4b67351859c67517
SHA256

3c9f70f2a643c56b57418943b13ee7adc428847b6c33bd24791675696f7c4969
SHA512

6a5e6cd047689d01b09a996fb443ca15452b692bfd6f4e818f56f5e0423fe04196e805aad4566cf24a0d49f518892c26005354840f50173d369c4d91a07dd5c3
SSDEEP

384:PmrX8JzNjkm5M2mNDC7yhuC5w56SofousWu4GL:PVlmm5MhcVCysSoQuS1

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 2212	5056	rundll32.exe	88
PID 5056 wrote to memory of 2212	5056	rundll32.exe	88
PID 5056 wrote to memory of 2212	5056	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c9f70f2a643c56b57418943b13ee7adc428847b6c33bd24791675696f7c4969.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c9f70f2a643c56b57418943b13ee7adc428847b6c33bd24791675696f7c4969.dll,#1
  2⤵
  PID:2212