311b4e95cbda45c5f7f2fbd0044847ce55ab6464791e0cd51e2caa9658e6e145

Analysis

max time kernel
94s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
11/06/2024, 20:18

Target

311b4e95cbda45c5f7f2fbd0044847ce55ab6464791e0cd51e2caa9658e6e145.dll
Size

6KB
MD5

f070f83b8a6fd336822dc9f543b73bb5
SHA1

44b2de1ba43f5a5f9748bf89f4e0e82544f76b64
SHA256

311b4e95cbda45c5f7f2fbd0044847ce55ab6464791e0cd51e2caa9658e6e145
SHA512

5c36411644fe98a1cda526b39a70b694556334b52bc2e75a82a6b305359b9d3718056a51499c2d4f4fe6a27c135731a8f2d1a3d1b6e992834296088920d1c7f7
SSDEEP

96:hy859x0P8Mayc59Qp/6Fl7Lf29Gwu3KV4Wy85pU1YW+XnAqu/P:F5oLLWZT2cwuO5GX+Qb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1124 wrote to memory of 928	1124	rundll32.exe	81
PID 1124 wrote to memory of 928	1124	rundll32.exe	81
PID 1124 wrote to memory of 928	1124	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\311b4e95cbda45c5f7f2fbd0044847ce55ab6464791e0cd51e2caa9658e6e145.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\311b4e95cbda45c5f7f2fbd0044847ce55ab6464791e0cd51e2caa9658e6e145.dll,#1
  2⤵
  PID:928