0010e43084953a9f78eb01ea2e9184bed7ae558a92e7ac926b9892cbfb39f3ac

Analysis

max time kernel
139s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
21-05-2024 05:57

Target

DragDropExperienceDataExchangeDelegated.dll
Size

35KB
MD5

b7c9f5d92308e5b5fa0d3669d6a0753e
SHA1

ca2d42e150edfdc6b037445b9d269e988ab3f017
SHA256

0010e43084953a9f78eb01ea2e9184bed7ae558a92e7ac926b9892cbfb39f3ac
SHA512

73af7aa16b6a9a460146fdb1ab045a76a97a506b060c4330fcd0aad1a3307ca3b6b8f3177129ef217c9bbf661d470c5cbe9e8eb10d9fb82837c6ee3d14e09684
SSDEEP

768:a171Odq/7DtC7Kj2tWfTnBVANR7loSqLXirUw23dZ1DiZb0u:K1AqjDo7K6tWDDA/7loSYy523dZZiZb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4860 wrote to memory of 3160	4860	rundll32.exe	83
PID 4860 wrote to memory of 3160	4860	rundll32.exe	83
PID 4860 wrote to memory of 3160	4860	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\DragDropExperienceDataExchangeDelegated.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4860
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\DragDropExperienceDataExchangeDelegated.dll,#1
  2⤵
  PID:3160