da44f5c6df5d992c75bc9f74bb30835b2f197c14469775bc6f003495568e6abe

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
12/07/2024, 01:16

Target

200629802ba2b14ca2b8b12ee26b1190N.dll
Size

32KB
MD5

200629802ba2b14ca2b8b12ee26b1190
SHA1

3d165d5fb914875a03461ccb2ff6faa4b0b51573
SHA256

da44f5c6df5d992c75bc9f74bb30835b2f197c14469775bc6f003495568e6abe
SHA512

fbe165fc73293c64a11d0f9df5eb4649c42e80fb6636eb064545fc796d4cb4011463ac4a74abcb4e1f163fad4a11170e7736e16aace7c345cf16ccdde22b9b21
SSDEEP

384:3MteSUFjbKrEZEfEhO6xJV9mx6DLEIdE8HNgNujEAPzAG3igyNqc:3MLUdKrEZEfEhpUiEeE8H+0A0A

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4892 wrote to memory of 372	4892	rundll32.exe	83
PID 4892 wrote to memory of 372	4892	rundll32.exe	83
PID 4892 wrote to memory of 372	4892	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\200629802ba2b14ca2b8b12ee26b1190N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4892
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\200629802ba2b14ca2b8b12ee26b1190N.dll,#1
  2⤵
  PID:372