56c890addedc8aa739b7778240482fac93dcb7e4298d0a89156450ae777e37db

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
31-05-2024 21:54

Target

56c890addedc8aa739b7778240482fac93dcb7e4298d0a89156450ae777e37db.dll
Size

7KB
MD5

7174c159709a1a92962255b893ec28fd
SHA1

3c9f31f51642c6baad664e9087ba77e013f028d7
SHA256

56c890addedc8aa739b7778240482fac93dcb7e4298d0a89156450ae777e37db
SHA512

98b117c1d447255ff9f691ab4c4c1c8f9f176f859c30b54c129d68e484ef6a896c18b18270a5ad61c96f0670dca704afa392cb762bd64ffeeb1b98b390f054cf
SSDEEP

96:hyZxm/jmjhjvj3jcZGV4CEWSoShbedz3Pshmo9g8DuSBxo3yztbSuido:2M/SdjbgYrEWSoShC34dDuIxFt/id

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2708 wrote to memory of 3116	2708	rundll32.exe	83
PID 2708 wrote to memory of 3116	2708	rundll32.exe	83
PID 2708 wrote to memory of 3116	2708	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\56c890addedc8aa739b7778240482fac93dcb7e4298d0a89156450ae777e37db.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\56c890addedc8aa739b7778240482fac93dcb7e4298d0a89156450ae777e37db.dll,#1
  2⤵
  PID:3116