100d378f3700ab01faf1f32dd445b6e77d2e667cfb1fafc0539a6bf457b5b59e

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
28/04/2024, 18:40

Target

100d378f3700ab01faf1f32dd445b6e77d2e667cfb1fafc0539a6bf457b5b59e.dll
Size

1.3MB
MD5

5b6dbe722d8cbf1ea7716c74f10c6520
SHA1

48331923857caed6db42a267978126967dc650fb
SHA256

100d378f3700ab01faf1f32dd445b6e77d2e667cfb1fafc0539a6bf457b5b59e
SHA512

b06d9a0f7b919729607bf28985146ccf3756c0b133f7cd58e2f4878b4f160520cc77690745cfcf471ab78f5e11959581a541841a794f13a5c64aa5718579d8f5
SSDEEP

24576:DngMBloPD0jUv3p92wlI5tolDQX4kREFNeRPUVUFU/28:Dlkj27IDQ4kSNeRPUVUS/28

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2160 wrote to memory of 2900	2160	rundll32.exe	81
PID 2160 wrote to memory of 2900	2160	rundll32.exe	81
PID 2160 wrote to memory of 2900	2160	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\100d378f3700ab01faf1f32dd445b6e77d2e667cfb1fafc0539a6bf457b5b59e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\100d378f3700ab01faf1f32dd445b6e77d2e667cfb1fafc0539a6bf457b5b59e.dll,#1
  2⤵
  PID:2900