696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b

Analysis

max time kernel
129s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 22:45

Target

696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b.dll
Size

329KB
MD5

5eaa83e6c73670779eab08d468d8a631
SHA1

3e410c750e44de6d5c3e740c731bae413574c4cc
SHA256

696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b
SHA512

8dd81d9d0b065fe4bbbfac537d335dbad5093c450d98f5f19536490622eec68ffbfb1796d5b9d23231c1f1891406697d7529a080f9117022708762970e9b65ae
SSDEEP

6144:RmWhxR1arY/PbgmFOabPIIBhJXAv7eTY9suz0xhttGSrDKE3KIvSka8b2:RmWTR1arYnEKosuzY34CZ3DvSkN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4140 wrote to memory of 5024	4140	rundll32.exe	rundll32.exe
PID 4140 wrote to memory of 5024	4140	rundll32.exe	rundll32.exe
PID 4140 wrote to memory of 5024	4140	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\696f06d1d03f7c1b5afd0734bd4614babcfedfb2a46de6608b81d472cad4fa9b.dll,#1
2⤵
PID:5024