a1859c710e2ce433f5cedc1378e1ec6b3d160663ad4c8ec2882c756a285a2979

Analysis

max time kernel
131s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 12:08

Target

System.Resources.Reader.dll
Size

13KB
MD5

d3673d5bb8ea7924ebd107b4bfd6816c
SHA1

7494fd549e215d0c271622091de18c157308ccd6
SHA256

a1859c710e2ce433f5cedc1378e1ec6b3d160663ad4c8ec2882c756a285a2979
SHA512

e6d60d0346c0b0792635cdd4c6a4f92de2148f42a3bc116fb2f9098e0db8cea1b1c9c6a9debc79e3cd65dc162790903c7386651a4f65348857e2261fceb85696
SSDEEP

192:5NW4AwWadlx37U1tWsI9A9GaHnhWgN7aQWwaTAAP+CjAWqnajKsbUi28VO:DW4AwWcP37ccyHRN7XaEAP+CcWlGsbUT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3592 wrote to memory of 736	3592	rundll32.exe	81
PID 3592 wrote to memory of 736	3592	rundll32.exe	81
PID 3592 wrote to memory of 736	3592	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Resources.Reader.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Resources.Reader.dll,#1
  2⤵
  PID:736