f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2024, 14:47

Target

f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855.dll
Size

2.2MB
MD5

58d8eb5fb823c47e4dd8e2017dee9f79
SHA1

94b2ebe22236776767cba123270f195c10c1aceb
SHA256

f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855
SHA512

3a6957126eb355d2e5f883f634db12c10d88d9f0fcaf797f18d059ebbce3e3d482aa22f43dbacf59c15aaf1dc1ec278eb699387b3027eb08c6315a4a0d90ede6
SSDEEP

49152:hclG+WNa5KP830dfBbH2S1EKs9tEYWg0HI8f7PSPdKstMy:hclRWNr03MfBr2p9tYg0/LCdKst

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 536 wrote to memory of 5000	536	rundll32.exe	81
PID 536 wrote to memory of 5000	536	rundll32.exe	81
PID 536 wrote to memory of 5000	536	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f81d611c07b2b20fcb75b82580159bc4aaeac6ade42ba3d4a456b175cd03f855.dll,#1
  2⤵
  PID:5000

memory/5000-0-0x0000000074F30000-0x00000000754F4000-memory.dmp

Filesize
5.8MB

Download