9d061ffda5656d024b37704d89e016fc53846956dcf81db2eae2c78b3aa88791

Analysis

max time kernel
93s
max time network
116s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
19/04/2024, 01:01

Target

9d061ffda5656d024b37704d89e016fc53846956dcf81db2eae2c78b3aa88791.dll
Size

81KB
MD5

3e782fdd9ea5cee4af0a4afe623c1ea5
SHA1

ad7d47f5e99bd3aed2308bfec0eb34e6b7f0e56d
SHA256

9d061ffda5656d024b37704d89e016fc53846956dcf81db2eae2c78b3aa88791
SHA512

272b83e90628590599f5374a9970415ea696a9392011712c13ec649891a52a83df18d3f44a6afd19c74720d610c32f8b80808cfbbecc4be2d5344d653992f47f
SSDEEP

1536:Wc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Go:t+5oxmqAiR8+/RBkez0U+7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4468 wrote to memory of 2160	4468	rundll32.exe	85
PID 4468 wrote to memory of 2160	4468	rundll32.exe	85
PID 4468 wrote to memory of 2160	4468	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d061ffda5656d024b37704d89e016fc53846956dcf81db2eae2c78b3aa88791.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9d061ffda5656d024b37704d89e016fc53846956dcf81db2eae2c78b3aa88791.dll,#1
  2⤵
  PID:2160