096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd

Analysis

max time kernel
93s
max time network
97s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 18:24

Target

096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd.dll
Size

81KB
MD5

270592b32af87138b4496948629576b5
SHA1

6ef7eb9ee4d060192f0f300be4f04a4ba0372156
SHA256

096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd
SHA512

abd82160d8c63ffd038ca9040b6de5ccff21b5030e648fbe5e159f319e60a2ee376eb4ce4cd3b92c4bea05313684e766258112d6501fd07608a6f4006b901218
SSDEEP

1536:3NSPHQ86OsvtbRKQxpgOwkBN2QqtllYl9mMSOWWAQzcOZyR0DqSyX:3YPQ8tqZFRw6N2QqgYJOWOZyR0D/y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 1416	1228	rundll32.exe	81
PID 1228 wrote to memory of 1416	1228	rundll32.exe	81
PID 1228 wrote to memory of 1416	1228	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\096087a8366264fa20c56aa1a38a6a8f1f9bf542aa8a611751e95f00b55439bd.dll,#1
  2⤵
  PID:1416