9ca6ca3bdab955520494a7d9c1a2075e40fa9a818782f93f5c5cc9c2b24a4323

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
14/05/2024, 00:19

Target

9ca6ca3bdab955520494a7d9c1a2075e40fa9a818782f93f5c5cc9c2b24a4323.dll
Size

81KB
MD5

c2521e04e35f58e6be345bbb34cf84de
SHA1

c72e839aa8a89e8aee14c4d8569314b4b3d01c4b
SHA256

9ca6ca3bdab955520494a7d9c1a2075e40fa9a818782f93f5c5cc9c2b24a4323
SHA512

d4417008eaf51a82438a1c8cab89fdb7383b93ef5a1c5260deaef62b71955c1039dca7ce7255dfc4cf3d8e1b84935921989821efe06ba9c9537e1ad3b3d33678
SSDEEP

1536:2tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Wv:24v4JKXTx71w0ArSsXF3enq8Wv

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 4880	212	rundll32.exe	81
PID 212 wrote to memory of 4880	212	rundll32.exe	81
PID 212 wrote to memory of 4880	212	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca6ca3bdab955520494a7d9c1a2075e40fa9a818782f93f5c5cc9c2b24a4323.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9ca6ca3bdab955520494a7d9c1a2075e40fa9a818782f93f5c5cc9c2b24a4323.dll,#1
  2⤵
  PID:4880