372654eb0783aa56333a2594d68af3d0483e79d0d25c145dfbfb568285a5bbfb

Analysis

max time kernel
134s
max time network
102s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
29/05/2024, 20:25

Target

372654eb0783aa56333a2594d68af3d0483e79d0d25c145dfbfb568285a5bbfb.dll
Size

349KB
MD5

f3c32e1f81aeae4cf026f64631a4d5b1
SHA1

09c09187eb5e9c0fa404cecc4797fde257528e2e
SHA256

372654eb0783aa56333a2594d68af3d0483e79d0d25c145dfbfb568285a5bbfb
SHA512

7f2cd570f56935abf615f11be2cc14aadef8c4407c99a8c090a22cccae1fb54c198d818cea5b3d3782d504d3b32791754737fa8221e02269f2163f369e7451d3
SSDEEP

6144:wpOA+g2PGyqZOYXb7ywMIi2vxiZo5MNXVbBOK/SKKmz7E9XBa:ICgAGyq/b7ni2vxiZo5MPBOdyE9x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5064 wrote to memory of 2788	5064	rundll32.exe	82
PID 5064 wrote to memory of 2788	5064	rundll32.exe	82
PID 5064 wrote to memory of 2788	5064	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\372654eb0783aa56333a2594d68af3d0483e79d0d25c145dfbfb568285a5bbfb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\372654eb0783aa56333a2594d68af3d0483e79d0d25c145dfbfb568285a5bbfb.dll,#1
  2⤵
  PID:2788