b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3

Analysis

max time kernel
129s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 02:05

Target

b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3.dll
Size

327KB
MD5

dfd7cad7ba3786cd0dda71d5cca7b190
SHA1

5a243ca6d42fab5b833fb71d9119e5a42a6438db
SHA256

b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3
SHA512

cef152237d0a7ec66d0e040ac4b6487545e355559ec93bc0a056d2f866ab81c10f4d8b4538143ab93e59e5b40acd94b2cfb3751d0439d0a31b5c2e5c0ed56624
SSDEEP

6144:EmWPDNND9yRPzLq+YXFqaZiMLic9kzVd7EAC48Ss9Ei:EmWhND9yJz+b1FcMLmp2AT8Ssd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3368 wrote to memory of 4804	3368	rundll32.exe	rundll32.exe
PID 3368 wrote to memory of 4804	3368	rundll32.exe	rundll32.exe
PID 3368 wrote to memory of 4804	3368	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3368

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b379e8921779ab91af7e385199b855a0067a23019dc3cfb19bab11393d4dcdc3.dll,#1
2⤵
PID:4804