14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 02:45

Target

14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll
Size

32KB
MD5

09cbc95554a15fcb35097a4335da6aa0
SHA1

191f9189d14f6892f5f8db00d81c3cf5809b5a39
SHA256

14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38
SHA512

b3e03a9ba11074ac51631ad336e8c2211677f6a0407f328de6764580ac5e3c57a55cc57e7a5bbf8941fcbb6cea1a697afd0eb53b1c7830429717921a4df8fa27
SSDEEP

768:DnXW/oHK5NEZoAUNg6CvhCoGvAFC18p+VOs:DXgEZiNrTvAFC18p+VO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2392 wrote to memory of 3872	2392	rundll32.exe	rundll32.exe
PID 2392 wrote to memory of 3872	2392	rundll32.exe	rundll32.exe
PID 2392 wrote to memory of 3872	2392	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2392

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\14cd726c88cafd335d3c4e25677e6ff9c161953a5da1b17af7810f7e3d0a1a38.dll,#1
2⤵
PID:3872