607a21eaa5ca46fa1483e30194585cf185bf427108011a8e94921e7bdb75b9bc

Analysis

max time kernel
131s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:19

Target

607a21eaa5ca46fa1483e30194585cf185bf427108011a8e94921e7bdb75b9bc.dll
Size

81KB
MD5

b4253227e9f495a3574fe248860d5d70
SHA1

dfa60a76c71f6964b7ce409ceaca90f607fff53c
SHA256

607a21eaa5ca46fa1483e30194585cf185bf427108011a8e94921e7bdb75b9bc
SHA512

0a8fb6ecee906d81f95f9f8506689c817ede47855959fdd061f20e3b36e38f331f703c9bf8f905bb5ad120a1162728a71580631d19523b747268a5ad49f4ea23
SSDEEP

1536:+tByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8Ws:+4v4JKXTx71w0ArSsXF3enq8Ws

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3312 wrote to memory of 4012	3312	rundll32.exe	rundll32.exe
PID 3312 wrote to memory of 4012	3312	rundll32.exe	rundll32.exe
PID 3312 wrote to memory of 4012	3312	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\607a21eaa5ca46fa1483e30194585cf185bf427108011a8e94921e7bdb75b9bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3312

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\607a21eaa5ca46fa1483e30194585cf185bf427108011a8e94921e7bdb75b9bc.dll,#1
2⤵
PID:4012