79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc

Analysis

max time kernel
132s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:37

Target

79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll
Size

81KB
MD5

50d54607593d90b58e1dc3e02fe50af0
SHA1

5580a52426acac28f2ea5071a505e4fc0c125a09
SHA256

79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc
SHA512

fa5db7c952f5da0b1574271d2a5a5bbbfce03207f773a532f460c1ecb650698402e292b36cc034790c49bc1b611a014017d6ad9f60635ca952bf93a2e05c085c
SSDEEP

1536:Sc+UPvS0RKCmqAvj45Hx8u05iecuYSoosWaocdBkez0U+Gl:x+5oxmqAiR8+/RBkez0U+i

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4388 wrote to memory of 2800	4388	rundll32.exe	rundll32.exe
PID 4388 wrote to memory of 2800	4388	rundll32.exe	rundll32.exe
PID 4388 wrote to memory of 2800	4388	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4388

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\79702cd412b8c580bc3404f816a623efb1b4370df597539e871d776359c325bc.dll,#1
2⤵
PID:2800