efc2978b24eafd465942dc26a520ca13624f88495fbe393cc906e8c38ea59b97

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
25-06-2024 04:06

Target

efc2978b24eafd465942dc26a520ca13624f88495fbe393cc906e8c38ea59b97.dll
Size

33KB
MD5

5165f0f3fa9a930151a768e05ba08e45
SHA1

d912e14ffa5fa580faec6013af31b541a32defe0
SHA256

efc2978b24eafd465942dc26a520ca13624f88495fbe393cc906e8c38ea59b97
SHA512

68087e336d1a61e18900980df8834f875029cfb24cc4e819c17502bf83919a21ee09518b18bfa3e6ebb458720d059477b77915d3a022587aace4c8970f0a2426
SSDEEP

768:MlQ3e/PJPratE8D4gQRDwTMNzPXL8+BefwjLc:MlQ3e/RDi/D5Qdmw/Ljj4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3856 wrote to memory of 3160	3856	rundll32.exe	83
PID 3856 wrote to memory of 3160	3856	rundll32.exe	83
PID 3856 wrote to memory of 3160	3856	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\efc2978b24eafd465942dc26a520ca13624f88495fbe393cc906e8c38ea59b97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\efc2978b24eafd465942dc26a520ca13624f88495fbe393cc906e8c38ea59b97.dll,#1
  2⤵
  PID:3160