23a66b32dfa75a94036870a1dce0bfabe6b52331eb2bed02e6953b9fead97298

Analysis

max time kernel
145s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 11:53

Target

clrjit.dll
Size

1.3MB
MD5

dab01669580678e2a8a85c08db50a333
SHA1

1ec047092cfc98e34e3151964198e7e5d84c5aaa
SHA256

e1a5eb5b0ab98c2203eb5657a80530dfbfe01c4a6cd790d4f15785cdb085af0f
SHA512

1aab4c45783711a29d2e182fe7e7aeb2a0c23f967dee16203485147f50b89305bde2d704caa8abaee9ddec88013253c3d00856e9e364b02aa0ed967894af3e20
SSDEEP

24576:QND9BgKbP1rKOgnKr+neEpZy0wsrng+VatfsUV7baVsQYhRBdsGN4PtsrcOtV:6D0K5+Ogn6+neEi0weg+VatUCbasYGN3

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 2464	4216	rundll32.exe	84
PID 4216 wrote to memory of 2464	4216	rundll32.exe	84
PID 4216 wrote to memory of 2464	4216	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\clrjit.dll,#1
  2⤵
  PID:2464