e1383a0cea8bf18076d8563e9035dba22371e2d8e6a3db746bf74dd0a16e762d

Analysis

max time kernel
150s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 01:48

Target

e1383a0cea8bf18076d8563e9035dba22371e2d8e6a3db746bf74dd0a16e762d.dll
Size

6KB
MD5

61b19243d7c1749ad189a1ae808bd0ab
SHA1

b4a18508a98154cf0e29d27c39f51003b3caa9cb
SHA256

e1383a0cea8bf18076d8563e9035dba22371e2d8e6a3db746bf74dd0a16e762d
SHA512

a5099f168823e36c0383a4bef1a223820400c7957cdde423b3cc42fb472c03564f2e031e84da2470771e7bc85d71db0b27bd754705f68139e906ba88d2c035c7
SSDEEP

48:6WQV5YVOqtV0H1pw9ygYVUG0wB+BDq9J5SC:8qtV0HAr45B+FqX5SC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3416 wrote to memory of 4324	3416	rundll32.exe	86
PID 3416 wrote to memory of 4324	3416	rundll32.exe	86
PID 3416 wrote to memory of 4324	3416	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1383a0cea8bf18076d8563e9035dba22371e2d8e6a3db746bf74dd0a16e762d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e1383a0cea8bf18076d8563e9035dba22371e2d8e6a3db746bf74dd0a16e762d.dll,#1
  2⤵
  PID:4324