fa3cba39aeeb19f970d6b9be538de26249ccffeea5a5adf01f27404220757070

Analysis

max time kernel
93s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29-03-2024 05:24

Target

fa3cba39aeeb19f970d6b9be538de26249ccffeea5a5adf01f27404220757070.dll
Size

81KB
MD5

de8285acd37ebeee434edb85547bb32d
SHA1

8e65a9537fd166c59e27ed0248787839314b3d8a
SHA256

fa3cba39aeeb19f970d6b9be538de26249ccffeea5a5adf01f27404220757070
SHA512

f2796b5c5b238af0d37b6cd0bb6043215d063bb3f16141f07687ec4817f31a2518d087612bc60c22a6b4875190d868c65bd18f99a0dfcd1e84ce74ca8dc82dae
SSDEEP

1536:Kc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+GF:p+5oxmqAiR8+/RBkez0U++

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2720 wrote to memory of 228	2720	rundll32.exe	86
PID 2720 wrote to memory of 228	2720	rundll32.exe	86
PID 2720 wrote to memory of 228	2720	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa3cba39aeeb19f970d6b9be538de26249ccffeea5a5adf01f27404220757070.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2720
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\fa3cba39aeeb19f970d6b9be538de26249ccffeea5a5adf01f27404220757070.dll,#1
  2⤵
  PID:228