8dd8b6cd4a011df161a307a416ebfb661f39b23bfc37a1cc5e8614d9b4511e2e

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
16/06/2024, 00:05

Target

8dd8b6cd4a011df161a307a416ebfb661f39b23bfc37a1cc5e8614d9b4511e2e.dll
Size

6KB
MD5

da522f5ad43937d6f59fd6d0e7d58c32
SHA1

6c47b7d8f09bde9236263479b968a3de44fe4845
SHA256

8dd8b6cd4a011df161a307a416ebfb661f39b23bfc37a1cc5e8614d9b4511e2e
SHA512

05b25ab2d22300127db337e0dc8512097379d99aef52fbd27fe9b71cfcc73e472e0f5b064fcabc88847893483ed5b8315ec3eb072e3df4b8ea7a0a75da1e278f
SSDEEP

96:nEY2RrF1eqwi4PkasVyu1urbJgdWnwXsFviTJw7KoWL2nAB:EHRh1eppc7urbGdWnusFviCGoWyK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4268 wrote to memory of 4964	4268	rundll32.exe	82
PID 4268 wrote to memory of 4964	4268	rundll32.exe	82
PID 4268 wrote to memory of 4964	4268	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd8b6cd4a011df161a307a416ebfb661f39b23bfc37a1cc5e8614d9b4511e2e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dd8b6cd4a011df161a307a416ebfb661f39b23bfc37a1cc5e8614d9b4511e2e.dll,#1
  2⤵
  PID:4964