d9498d19eab1b5a4c5c401826881b990666b59322669688b24119d989a959935

Analysis

max time kernel
130s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 12:42

Target

Windows.Devices.Enumeration.ps.dll
Size

29KB
MD5

d69ea6b69d93f4e4ff381e20d2f9581f
SHA1

d7134d7e6023eb5d61e470714048ca9b80bc805a
SHA256

d9498d19eab1b5a4c5c401826881b990666b59322669688b24119d989a959935
SHA512

0e7be2eaf36926daf2f9d5e5e2745a7a7d24d1e489e25fd57076e732f0ccc8927348bfe7823fef3b02c43bd3010c87944b4bce4f63123002bd618cfdff8b2d23
SSDEEP

192:sCgMOfvNByqqFkJxO8iIMQU+JC8lEjjVkv0ja1a9PaWCUoJW4yz65IWp/buX:Bkf7UoCOGjcuH9PaWC7JW4yWq2buX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1772 wrote to memory of 4920	1772	rundll32.exe	83
PID 1772 wrote to memory of 4920	1772	rundll32.exe	83
PID 1772 wrote to memory of 4920	1772	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows.Devices.Enumeration.ps.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows.Devices.Enumeration.ps.dll,#1
  2⤵
  PID:4920