1a2f208e4a0d4e3402ae51f44fb109647cbd1f6b612a0b1c0b73f213fac1bb56

Analysis

max time kernel
141s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 13:15

Target

1a2f208e4a0d4e3402ae51f44fb109647cbd1f6b612a0b1c0b73f213fac1bb56.dll
Size

2.4MB
MD5

a2c443ca04c4799de3fe6dd4da0567af
SHA1

d790c8b38434db01caa0cfdab6ad73c2193f6df6
SHA256

1a2f208e4a0d4e3402ae51f44fb109647cbd1f6b612a0b1c0b73f213fac1bb56
SHA512

3f9b58f0c39a62813a80b209735313e3d9f7817abdcb5549b8087be10078aa08ebc70243f9543de0a93f3f22ed5f5e728751bb4d36c5472a69d42f413a3b64e2
SSDEEP

49152:dC1ge8DnlmBFjvJxHAzmb9zxgSjEej629UXhubAbtCqQGm/ThEBVhVptvZG:c2uHAzm5zxaejTbAbtNzm0fO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2912 wrote to memory of 2620	2912	rundll32.exe	82
PID 2912 wrote to memory of 2620	2912	rundll32.exe	82
PID 2912 wrote to memory of 2620	2912	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a2f208e4a0d4e3402ae51f44fb109647cbd1f6b612a0b1c0b73f213fac1bb56.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2912
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1a2f208e4a0d4e3402ae51f44fb109647cbd1f6b612a0b1c0b73f213fac1bb56.dll,#1
  2⤵
  PID:2620