1b31456e7233acb5a44dfb9462abb3a6379c55636c12d20bef3fa74cd0395a0e

Analysis

max time kernel
134s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
03/06/2024, 19:11

Target

1b31456e7233acb5a44dfb9462abb3a6379c55636c12d20bef3fa74cd0395a0e.dll
Size

6KB
MD5

fd50ff139cddff6e0b147f6afafbb61f
SHA1

b487aad4eb9aabe345062b8f09721ef997722a6a
SHA256

1b31456e7233acb5a44dfb9462abb3a6379c55636c12d20bef3fa74cd0395a0e
SHA512

fa84e5839537f89c66b88048ab8bfeb16124233ddb6bf574a28661aa22edbed58ce1a8068f288f10c99ef5e83708fceaad447f871641059a0c2421cf08d4e21f
SSDEEP

192:EHRh1eppQqrNOPzPv6wK9AY0G6ooBON4cCUq:EHROr4PjvqSsoBON4qq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 944	4836	rundll32.exe	85
PID 4836 wrote to memory of 944	4836	rundll32.exe	85
PID 4836 wrote to memory of 944	4836	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b31456e7233acb5a44dfb9462abb3a6379c55636c12d20bef3fa74cd0395a0e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1b31456e7233acb5a44dfb9462abb3a6379c55636c12d20bef3fa74cd0395a0e.dll,#1
  2⤵
  PID:944