c9364e7a1cf7e895844e7e7ab823493c4d74f0ffa0f982007d92a8b035c1427a

Analysis

max time kernel
133s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23/05/2024, 02:58

Target

c9364e7a1cf7e895844e7e7ab823493c4d74f0ffa0f982007d92a8b035c1427a.dll
Size

395KB
MD5

92cae6c0a74da5f9c08a6c852f9235ea
SHA1

fc359fb891fad6b7842904ebcf79facbb70d0fa3
SHA256

c9364e7a1cf7e895844e7e7ab823493c4d74f0ffa0f982007d92a8b035c1427a
SHA512

0dee378cd6335dc79d870c3619292847013388373085d997ffbb2fd26aca361f7af091af337a45e5cb7bc932434edf9c8813cb05a90ea9b00208a3922fc15b60
SSDEEP

6144:cyodfBk/IuNp7O1SLefw4BvwBooeVDSsidDeMHNfncM5Mhhuy+V50DErSAOzM2b:IwFI1Vw4BoBorxZTkcSMjbhDRpM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 212 wrote to memory of 1236	212	rundll32.exe	83
PID 212 wrote to memory of 1236	212	rundll32.exe	83
PID 212 wrote to memory of 1236	212	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9364e7a1cf7e895844e7e7ab823493c4d74f0ffa0f982007d92a8b035c1427a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:212
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c9364e7a1cf7e895844e7e7ab823493c4d74f0ffa0f982007d92a8b035c1427a.dll,#1
  2⤵
  PID:1236