2c3d6134bf6160409e38f9a19f7fa3a64f1b53218b358b1a562b3cea4935ecae

Analysis

max time kernel
314s
max time network
1593s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
06-04-2024 18:21

Target

src/WebHttp.dll
Size

1.3MB
MD5

49d1368b76ea5ef7b3279d03a719e096
SHA1

67fb6bd0fc126833117aa08a3a99bb9e71436b60
SHA256

8d32708739969ea486cadd25d5c3d0bce2a23d17282e73b280c21b306c91d02b
SHA512

4134fb90c747df01b21389f7a21e5317897025dbf73a7f81602738201b429b8d083ca1e63a61ce3ecdffa6d982834b2896a1e0fbcc8be9ef3b84ffd8269a4e0e
SSDEEP

24576:zb5UVZTR01t5VR37qinFUqOmDhE3A4jsNUPLZr4zQH+iEFUFFS517cW/y:f54/WthlFUqtDhZ4jRP6zQe1MFI7cW/y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	Process	procid_target
PID 2144 wrote to memory of 516	2144	rundll32.exe	75
PID 2144 wrote to memory of 516	2144	rundll32.exe	75
PID 2144 wrote to memory of 516	2144	rundll32.exe	75

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\src\WebHttp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2144
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\src\WebHttp.dll,#1
  2⤵
  PID:516