9efa4123702695dfd4679a2cef697690711f207482fc6faa136ffcf2f40bc37e

Analysis

max time kernel
134s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 00:18

Target

9efa4123702695dfd4679a2cef697690711f207482fc6faa136ffcf2f40bc37e.dll
Size

445KB
MD5

f641bffdc46c9f34fad1cd7fddc77b53
SHA1

a751f090bbe59b13d7e5203decbcd7f939ff093e
SHA256

9efa4123702695dfd4679a2cef697690711f207482fc6faa136ffcf2f40bc37e
SHA512

59c63e2892caaa90284db5f679be08b6906d67b2205063014ce6054f81f6ce797bc92986d35f45e5f6ea7798b596ef154e600ad3681cf4c4fc2cdee2ca17b95f
SSDEEP

6144:I3XlfYRqArLHdF5gDnZ5hoCwUC37cro0Fm/uKaH6LLS3nHahzVxpumh:I3XwqArLHdFWZ5hoCz3rHFmdnVJh

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 3696	4392	rundll32.exe	82
PID 4392 wrote to memory of 3696	4392	rundll32.exe	82
PID 4392 wrote to memory of 3696	4392	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9efa4123702695dfd4679a2cef697690711f207482fc6faa136ffcf2f40bc37e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9efa4123702695dfd4679a2cef697690711f207482fc6faa136ffcf2f40bc37e.dll,#1
  2⤵
  PID:3696