7db732ae18b531481d52b165a473da59b88e08afb3e05d0d493ace533a5b057c

Analysis

max time kernel
146s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 23:19

Target

7db732ae18b531481d52b165a473da59b88e08afb3e05d0d493ace533a5b057c.dll
Size

5KB
MD5

afaf74a39a6f5d1a938e50996da15ac0
SHA1

4407f76c397898afea73da2257224babfd2a58f9
SHA256

7db732ae18b531481d52b165a473da59b88e08afb3e05d0d493ace533a5b057c
SHA512

2732bb6d6a54fbf71e936e16919706a235cd2890de5668eb7d186840c3b2f835b99d7fba0ceba27d89f26a1196cf1b61399b0a6bace7dd6640e59c7b940b8577
SSDEEP

96:hy859x0P8MaVf7//tfrn/JHBaHn3GCjFXs:F5oLuLtfbJHEHWCBX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3816 wrote to memory of 3592	3816	rundll32.exe	84
PID 3816 wrote to memory of 3592	3816	rundll32.exe	84
PID 3816 wrote to memory of 3592	3816	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7db732ae18b531481d52b165a473da59b88e08afb3e05d0d493ace533a5b057c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3816
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7db732ae18b531481d52b165a473da59b88e08afb3e05d0d493ace533a5b057c.dll,#1
  2⤵
  PID:3592