9b7406dd2bd4a581271f4f2715d7d6c997e5766929c8fcc566972a70e5fd3405

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14-06-2024 01:48

Target

9b7406dd2bd4a581271f4f2715d7d6c997e5766929c8fcc566972a70e5fd3405.dll
Size

854KB
MD5

528fa988f93f5157fa9097c19a06376a
SHA1

eb451bfb417ef41d882ce955ba0ea53fa2c1cc3d
SHA256

9b7406dd2bd4a581271f4f2715d7d6c997e5766929c8fcc566972a70e5fd3405
SHA512

3aaaf564343b7e84294bb003996cc778865870ecae1a177ec11fdb32b34464e24350262c7d00718dfd1cd120fc4a2d4d2dfb7588b7cfde48355c5790c5523b9f
SSDEEP

12288:Grk1jWLI5SpfGrcwg8GRgyOOOOOOOOOYBlnGxp/J/dOZ/i00wnD1XHJshBmNVSJ9:GrnEMP+CI/JF6D0gDVH+mnIjT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2460 wrote to memory of 1392	2460	rundll32.exe	81
PID 2460 wrote to memory of 1392	2460	rundll32.exe	81
PID 2460 wrote to memory of 1392	2460	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7406dd2bd4a581271f4f2715d7d6c997e5766929c8fcc566972a70e5fd3405.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2460
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9b7406dd2bd4a581271f4f2715d7d6c997e5766929c8fcc566972a70e5fd3405.dll,#1
  2⤵
  PID:1392

memory/1392-0-0x0000000074D41000-0x0000000074D47000-memory.dmp

Filesize
24KB

Download
memory/1392-1-0x0000000074D40000-0x0000000074E18000-memory.dmp

Filesize
864KB

Download
memory/1392-2-0x0000000074D40000-0x0000000074E18000-memory.dmp

Filesize
864KB

Download
memory/1392-3-0x0000000074D40000-0x0000000074E18000-memory.dmp

Filesize
864KB

Download
memory/1392-4-0x0000000074D40000-0x0000000074E18000-memory.dmp

Filesize
864KB

Download
memory/1392-5-0x0000000074D40000-0x0000000074E18000-memory.dmp

Filesize
864KB

Download