16e1f43d65fcc9ffbd43da6d880a6cc81357b99693d7c38facb2a1c5968c2775

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 03:48

Target

16e1f43d65fcc9ffbd43da6d880a6cc81357b99693d7c38facb2a1c5968c2775.dll
Size

999KB
MD5

54350c613f5f1436434cc34810a72c40
SHA1

9936bbe7ecef5e513efd2386868d9bd3611cbe19
SHA256

16e1f43d65fcc9ffbd43da6d880a6cc81357b99693d7c38facb2a1c5968c2775
SHA512

59d072fcc0818308b0d3703753481a489b0327ce77f7b4c3bc7676cd941a5bd9fc190bee6e4dccde60df0cc89019d7e8396b59c57319d2f81191044badf8335a
SSDEEP

12288:13+lBqjO+zgIZGRt8Jyokvb6NM1IFPqn6QWZ:u8nHIIFP+6QWZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1344 wrote to memory of 444	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 444	1344	rundll32.exe	rundll32.exe
PID 1344 wrote to memory of 444	1344	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16e1f43d65fcc9ffbd43da6d880a6cc81357b99693d7c38facb2a1c5968c2775.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1344

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\16e1f43d65fcc9ffbd43da6d880a6cc81357b99693d7c38facb2a1c5968c2775.dll,#1
2⤵
PID:444