c4db872ff7d301186516882ea06422aee29e1c11b44a4d382addd5b801207818

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25/05/2024, 12:45

Target

pywintypes27.dll
Size

108KB
MD5

c7d86a10bfcd65e49a109125d4ebc8d9
SHA1

5b571dc6a703a7235e8919f69c2a7a5005ccd876
SHA256

c4db872ff7d301186516882ea06422aee29e1c11b44a4d382addd5b801207818
SHA512

b7563b4d27713ec4308c24a0b15c02fb16e184b98bb73a4616792508f4ba57fe237186595b55e3fa476d6959388edd8678ea516ce620ee90c909a7b988d8b908
SSDEEP

3072:aK4f1OtaUsA0iMGhAPNdOcfY9rgGHXY7bi0OouFsXOKRtyEtq1:aLfYtaUsJiMGhAPNdOA/G3Y7bi03uiXo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5052 wrote to memory of 2988	5052	rundll32.exe	82
PID 5052 wrote to memory of 2988	5052	rundll32.exe	82
PID 5052 wrote to memory of 2988	5052	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pywintypes27.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5052
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pywintypes27.dll,#1
  2⤵
  PID:2988