7635079472f751071c32a41949affd5f1e70a9f01c173f8e1ba0ae41302ea97e

Analysis

max time kernel
127s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
24-05-2024 08:09

Target

RJ01082861-PC/winmm.dll
Size

98.0MB
MD5

9a1aa9699508af47640fe36328cb23b6
SHA1

72b3132e5d6bf14962879fd559f83ff595ff68fe
SHA256

a9327a09e9ea57445569a1145c212113cd95632f06474e78b50ad6d90f93951c
SHA512

60674b8d2523d808063cbd480d9b0a1f840ea2ea0437b1f86ee9b03fc2de0ad7a3bb466c34132583ea230de09c96b86ba31df7c5532f84c8a1fb3141d86fba6d
SSDEEP

3072:dVsuJAiqicMMPDbYB3TjmpaK4MRkJu+e8uiUN+5BiEK9FtS0yRAg0FujLtf/9vAK:dpA1+aDbwqahMCTukqOAOdhAxNvq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3180 wrote to memory of 456	3180	rundll32.exe	89
PID 3180 wrote to memory of 456	3180	rundll32.exe	89
PID 3180 wrote to memory of 456	3180	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\winmm.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3180
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\RJ01082861-PC\winmm.dll,#1
  2⤵
  PID:456