1beab7444fe0d7a7bcb2d01494d1ae1fe0bd624d9c2ec4083022d3af32fc6dd7

Analysis

max time kernel
135s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22-05-2024 19:14

Target

1beab7444fe0d7a7bcb2d01494d1ae1fe0bd624d9c2ec4083022d3af32fc6dd7.dll
Size

327KB
MD5

9dfac6b74122947ceec48ac6543433ef
SHA1

304b81395e3fdcac14f6df2f1887071ad854a772
SHA256

1beab7444fe0d7a7bcb2d01494d1ae1fe0bd624d9c2ec4083022d3af32fc6dd7
SHA512

551a2c73d62167a5f3c6311f92e3dab79960a61025500b30a941f29c51f8b2615ebd84f43f62c3935548f73717e2c288e8ce2b0b2910ba4f8ec891ed836ca2b2
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2968 wrote to memory of 1284	2968	rundll32.exe	rundll32.exe
PID 2968 wrote to memory of 1284	2968	rundll32.exe	rundll32.exe
PID 2968 wrote to memory of 1284	2968	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1beab7444fe0d7a7bcb2d01494d1ae1fe0bd624d9c2ec4083022d3af32fc6dd7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1beab7444fe0d7a7bcb2d01494d1ae1fe0bd624d9c2ec4083022d3af32fc6dd7.dll,#1
  2⤵
  PID:1284