ec4a958ab73fa233b4bb5cbaf68ea3486384997d53740bfa9c3307ce150a59dd

Analysis

max time kernel
149s
max time network
148s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
28-04-2024 10:49

Target

rtfile32.dll
Size

364KB
MD5

ef739694ae9f9015533d572715671737
SHA1

eae74c5dd0f444a9d5ec5e2d228d9a0328707b8e
SHA256

e3adf162f87185b77b4a9b9283fb7aaedbb475f797b3cc6227c3120acd5a3645
SHA512

ae2ce09a4054ab25e4bfd1f71c4d49690b2890f81ce08407474fe47f50cf81532e184ffa894a56ca70fa657bd9b542ac57009b34083e686accbaa3c8e9954248
SSDEEP

6144:EwCrMTlrw5qHNsq/eNEzkmhl3AxHs8G4NLukxzWrvDQZm8AZgj122l5Tvu8Q9lJC:EwCr7SNsq/YEzkqAds8G4NLJxCrkZEZs

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 5064 wrote to memory of 4528	5064	rundll32.exe	rundll32.exe
PID 5064 wrote to memory of 4528	5064	rundll32.exe	rundll32.exe
PID 5064 wrote to memory of 4528	5064	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\rtfile32.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\rtfile32.dll,#1
2⤵
PID:4528