660bdd4f6b2d04cde70024ae90837d57d5bf321886739727de3b0ae1fe0fe31c

Analysis

max time kernel
132s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2024, 12:34

Target

AppResolver.dll
Size

417KB
MD5

cbb4b3cc8a003302671e8bb88f9958ea
SHA1

a074a2da19ecf96e8e6f1d0909fe834f0797cb7b
SHA256

660bdd4f6b2d04cde70024ae90837d57d5bf321886739727de3b0ae1fe0fe31c
SHA512

04dcd8ee155eb0507f44f44d985fb2cbddc98b1d027419c419a94e6f5e9a489ab0b7d311e5b361cfcc97f0e11c42300258963585c9f76283151fd46f97b2c149
SSDEEP

6144:UuKSdRYTlwL/b+OyRT1AGn6xLBf1tSvGm1uxnMM1fqhUUmX1tiwM5CCLgywTTOvl:UuYi+5RTCG6x5TmoMM10A

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 3992	2488	rundll32.exe	82
PID 2488 wrote to memory of 3992	2488	rundll32.exe	82
PID 2488 wrote to memory of 3992	2488	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppResolver.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\AppResolver.dll,#1
  2⤵
  PID:3992