e3ff1ea9408bb4ddb938cc6c14d5578b5852cee294a19dda7971c23f08a5fdf1

Analysis

max time kernel
138s
max time network
100s
platform
windows10-2004_x64
resource
win10v2004-20240419-en
resource tags

arch:x64arch:x86image:win10v2004-20240419-enlocale:en-usos:windows10-2004-x64system
submitted
02/05/2024, 04:49

Target

e3ff1ea9408bb4ddb938cc6c14d5578b5852cee294a19dda7971c23f08a5fdf1.dll
Size

5KB
MD5

d624cda14995409badc005ec1a2ef641
SHA1

cd92ea69289ab3c25142503ff638b152b27bf267
SHA256

e3ff1ea9408bb4ddb938cc6c14d5578b5852cee294a19dda7971c23f08a5fdf1
SHA512

a109d7e5fc8d49c1ce246e5f1c021a8ee28ececceb2b6292c81fb25955328a104980f650863ea207680184a6436e72bd5763721917c622087697cc9cc206e758
SSDEEP

96:DixZjmjtjd8jPjcZGR5TIJL6l4nlXmnyfvF03yx+vWmB9pB:unSR6bgYm6lryfC3tvT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 536	2264	rundll32.exe	85
PID 2264 wrote to memory of 536	2264	rundll32.exe	85
PID 2264 wrote to memory of 536	2264	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3ff1ea9408bb4ddb938cc6c14d5578b5852cee294a19dda7971c23f08a5fdf1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e3ff1ea9408bb4ddb938cc6c14d5578b5852cee294a19dda7971c23f08a5fdf1.dll,#1
  2⤵
  PID:536