eea8848844a9016ea218fd984b5ea82004b3aa7c81ae4fa9439f88a596be3cdd

Analysis

max time kernel
137s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 12:16

Target

System.Net.NameResolution.dll
Size

76KB
MD5

06cf7104db62855d2451d36c7abfde45
SHA1

6efc1e47b5671d5d5b00803d9f66691a11e00fb9
SHA256

eea8848844a9016ea218fd984b5ea82004b3aa7c81ae4fa9439f88a596be3cdd
SHA512

9356b48674c3259576403e58feb5eeb2b0932bd2d97260443d77b250474685da1e43418a630df3d2125d7a44108121ac096e1ac6d79fd7e40772d16c70ff260c
SSDEEP

768:2QZy2tEn19ynQJr5dEBojvnn2fJ7STZWDAUnxdaJxD/xV0FV2gR6gzyCPYjzY6:2lsPTBOufJ7SEDAUnxdYV6zyzt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 764 wrote to memory of 3128	764	rundll32.exe	82
PID 764 wrote to memory of 3128	764	rundll32.exe	82
PID 764 wrote to memory of 3128	764	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Net.NameResolution.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:764
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\System.Net.NameResolution.dll,#1
  2⤵
  PID:3128