44f6cafa664f59b2476efe1eca25e850e55be4513b0d288ab1bc9e3cb4418780

Analysis

max time kernel
51s
max time network
51s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
10/06/2024, 21:28

Target

44f6cafa664f59b2476efe1eca25e850e55be4513b0d288ab1bc9e3cb4418780.dll
Size

937KB
MD5

a586b89528b2971040ce34663527c41c
SHA1

8887c3043770264232964bcc09164e4f86f202e0
SHA256

44f6cafa664f59b2476efe1eca25e850e55be4513b0d288ab1bc9e3cb4418780
SHA512

af1455828df69f564f71cc25e1b5b9184ee38be8c746b477c5a25c91b9c83c50e739c8fd98462a499107553ca1281703e9d36bc024531d60458056c639a41318
SSDEEP

24576:Mk5x0Z1jgIr+hNnhrELDwRFChm1wXWGhPHwoolAz1hxPm6dZpjTGqzSWOkrEH7jK:Mk41jZf5zSO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4836 wrote to memory of 2264	4836	rundll32.exe	82
PID 4836 wrote to memory of 2264	4836	rundll32.exe	82
PID 4836 wrote to memory of 2264	4836	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\44f6cafa664f59b2476efe1eca25e850e55be4513b0d288ab1bc9e3cb4418780.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4836
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\44f6cafa664f59b2476efe1eca25e850e55be4513b0d288ab1bc9e3cb4418780.dll,#1
  2⤵
  PID:2264