61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e

Analysis

max time kernel
134s
max time network
106s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 00:25

Target

61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll
Size

81KB
MD5

cd765fb84e19224fc22616e41709f540
SHA1

818a6f9c789947df00c7b5c9c5fc87d55c5e516e
SHA256

61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e
SHA512

e5ef7b21c82d11f7d9d916603fd708c183b1e76c2def957ccadb444909c7f059adf5eea50f7a929e9ddddc7aab7ced5eb63dc47895c475437e207637b68f492c
SSDEEP

1536:Qc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+GZ:v+5oxmqAiR8+/RBkez0U+2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2956 wrote to memory of 3984	2956	rundll32.exe	rundll32.exe
PID 2956 wrote to memory of 3984	2956	rundll32.exe	rundll32.exe
PID 2956 wrote to memory of 3984	2956	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2956

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\61be8542ff99c17c4c2ee6b5aad60a12cc93c3c0f5761429918cd041726a992e.dll,#1
2⤵
PID:3984