546804de199e9c0c594c8fe15dd11bb7c6b841bc0ae81ff823bfbf0821c7f1d1

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 23:11

Target

546804de199e9c0c594c8fe15dd11bb7c6b841bc0ae81ff823bfbf0821c7f1d1.dll
Size

6KB
MD5

f37f0f2a12b9f4047d30e62e6f9dea10
SHA1

7c22302ca718a1f9b3f57da54c96b9b5700d25a8
SHA256

546804de199e9c0c594c8fe15dd11bb7c6b841bc0ae81ff823bfbf0821c7f1d1
SHA512

ca710abd01dfbe503fedcc2883fdc68740c2270374f3ece48a96221104cf74f26dda6b35f08ee72c0463205dca082219faad7a2723843967c7ce9a1aa415b76e
SSDEEP

48:6amN5YVOy1VEvy/dw25M+e02cB+BDq9J5SzXH:Wy1VEvayP+GcB+FqX5SzX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2496 wrote to memory of 536	2496	rundll32.exe	rundll32.exe
PID 2496 wrote to memory of 536	2496	rundll32.exe	rundll32.exe
PID 2496 wrote to memory of 536	2496	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\546804de199e9c0c594c8fe15dd11bb7c6b841bc0ae81ff823bfbf0821c7f1d1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2496

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\546804de199e9c0c594c8fe15dd11bb7c6b841bc0ae81ff823bfbf0821c7f1d1.dll,#1
2⤵
PID:536