71b13e57376d2a6e5a77c3c2300144860e1bd4af5b1119c59c5262c89c8c0cef

Analysis

max time kernel
134s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:04

Target

71b13e57376d2a6e5a77c3c2300144860e1bd4af5b1119c59c5262c89c8c0cef.dll
Size

7KB
MD5

2571dc02e32cace77ee647e900e32c9a
SHA1

df4b8600417bf0b4abda61989ac47b43b3bdf89b
SHA256

71b13e57376d2a6e5a77c3c2300144860e1bd4af5b1119c59c5262c89c8c0cef
SHA512

1ec23fb2d688f452f0fbc28083ce8d92b499d42abc0656eb00a73f33c19622318d800202a034e2b5145041d0b1bca65ada35d8bec7ebae108e98ebed015589ac
SSDEEP

96:xQ3oHUf/9UsKQOYpURtutF0O6wNScXxZ/9IiPXAIym2WNC1EWSYqQOMf8HP:aZl1gotR/9IiPXAIN2WNBWSYfZ8v

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4436 wrote to memory of 4268	4436	rundll32.exe	rundll32.exe
PID 4436 wrote to memory of 4268	4436	rundll32.exe	rundll32.exe
PID 4436 wrote to memory of 4268	4436	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71b13e57376d2a6e5a77c3c2300144860e1bd4af5b1119c59c5262c89c8c0cef.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4436

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\71b13e57376d2a6e5a77c3c2300144860e1bd4af5b1119c59c5262c89c8c0cef.dll,#1
2⤵
PID:4268