c58f7a0bb02aed16adcbba017e510d08485175b25fb4c03007cf7a606aec7b54

Analysis

max time kernel
90s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2024, 14:46

Target

mmkeybsupp.dll
Size

34KB
MD5

716df622770ee4c8eb452d0a09437ca9
SHA1

11b9f48d821a04a49c5890a6ba5660497961209b
SHA256

4a9e6d001b807f2cb53d1262b5305bc4c7a1fa0377cbba3a34a88398285beba0
SHA512

265cc1d99484db505ca6d16e4db955b01a5e2f5e0b6b72b6366ccca7cb68e2f085b5d0c1dd42e696ee9b97cd0f4bcfd8de9b6ae6ac6bd753a945e1f82dca23d1
SSDEEP

384:Dc2Cl0jnZL4F+UtSCXwH5R0bbf2BfXNWLV2hGK0qwv47S7uibrZrvADeXT4XNvdL:DcFATUtRLHf2BfXNWLIGKPwOCzrYDVr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3744 wrote to memory of 2696	3744	rundll32.exe	86
PID 3744 wrote to memory of 2696	3744	rundll32.exe	86
PID 3744 wrote to memory of 2696	3744	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mmkeybsupp.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mmkeybsupp.dll,#1
  2⤵
  PID:2696