70e8fae79f31ff414dac5426bcb258d461f9d4ea21c201a4b31e17830c5486d8

Analysis

max time kernel
133s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:02

Target

70e8fae79f31ff414dac5426bcb258d461f9d4ea21c201a4b31e17830c5486d8.dll
Size

317KB
MD5

b209744dba473c2c72b54c7c7a56eb78
SHA1

113b74e41038bbfdf1ad60601b235355a85f93c0
SHA256

70e8fae79f31ff414dac5426bcb258d461f9d4ea21c201a4b31e17830c5486d8
SHA512

c2865c528f6552e7f10bbfccad73d3aa87a786760dc630dfd392d8f2e6210e25facaa4df05e796056573184c5802afbcaa74aa4999045ddcf36a0bdca1260287
SSDEEP

6144:zmWoza0a1IMVVEb3uqRpwIUV9lMYmFQqZRRphLuVucfb8ehbjN8wS21bKRTw4f3Q:zmWQa0a1IMVr9eMqbRzLuVucfb8ehbjH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2108 wrote to memory of 2620	2108	rundll32.exe	rundll32.exe
PID 2108 wrote to memory of 2620	2108	rundll32.exe	rundll32.exe
PID 2108 wrote to memory of 2620	2108	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70e8fae79f31ff414dac5426bcb258d461f9d4ea21c201a4b31e17830c5486d8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70e8fae79f31ff414dac5426bcb258d461f9d4ea21c201a4b31e17830c5486d8.dll,#1
  2⤵
  PID:2620