df1f7e44e972fdb167d5b0d7d400a0a04cb51539382c9f495a896fa4eef0a5d3

Analysis

max time kernel
94s
max time network
128s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2024 01:44

Target

df1f7e44e972fdb167d5b0d7d400a0a04cb51539382c9f495a896fa4eef0a5d3.dll
Size

6KB
MD5

038c512badb94be6e6f91b3959f17e8c
SHA1

d1d479066d22a614797ba21a1999e75442d5c0ad
SHA256

df1f7e44e972fdb167d5b0d7d400a0a04cb51539382c9f495a896fa4eef0a5d3
SHA512

58245c2c1efe8f1f118506034ec87913ad8fb6ff7fbfa3c0c1ad5a28b2e40dd383f9bf756fcc8bf28b28af80e9fc85f527afb929d280a6b2d0eedfd023f9db49
SSDEEP

48:6AA35YVOQDV8FszwydlAYsLFV3G0dB+BDq9J5S2:0QDV8FscMjsLFV31B+FqX5S2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2188 wrote to memory of 1740	2188	rundll32.exe	85
PID 2188 wrote to memory of 1740	2188	rundll32.exe	85
PID 2188 wrote to memory of 1740	2188	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1f7e44e972fdb167d5b0d7d400a0a04cb51539382c9f495a896fa4eef0a5d3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2188
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\df1f7e44e972fdb167d5b0d7d400a0a04cb51539382c9f495a896fa4eef0a5d3.dll,#1
  2⤵
  PID:1740