4ee7b6365b42a3efa0be145833bfeca3b735a08770cb82f4945cff64b43a2fca

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15-03-2024 02:13

Target

ca387d3bf68f503b19a9f4ef761992d8.dll
Size

87KB
MD5

ca387d3bf68f503b19a9f4ef761992d8
SHA1

32d5a7009a1443acce16c9b328825c7f17d0c1fa
SHA256

4ee7b6365b42a3efa0be145833bfeca3b735a08770cb82f4945cff64b43a2fca
SHA512

a1810de7ecf2cbcd01ef418e67b5377334d00613cd7f60320d6e951d7bafda5161e461be7c15cee7aa9a1793f3197756491611d797b671c3e31fa9daba383761
SSDEEP

1536:9jqjoQ3Qa9bYR0Zz2uaw91iexlsQ610thS7AYqPa8o0gThNpZjFL9m:AoROMAzRaq1iexls510PS7AYqS8othNm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3904 wrote to memory of 4008	3904	rundll32.exe	88
PID 3904 wrote to memory of 4008	3904	rundll32.exe	88
PID 3904 wrote to memory of 4008	3904	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca387d3bf68f503b19a9f4ef761992d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3904
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ca387d3bf68f503b19a9f4ef761992d8.dll,#1
  2⤵
  PID:4008