b06996845a31cffe079bf2be72b1177c3152efa3843f313aea2d3cdc2700c2d5

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
14/07/2024, 16:42

Target

b06996845a31cffe079bf2be72b1177c3152efa3843f313aea2d3cdc2700c2d5.dll
Size

2.2MB
MD5

5bb90e1a2f3d2729288088e94da21bee
SHA1

79001721ed7240a46ec691ecac4f4d4d9cc50d7c
SHA256

b06996845a31cffe079bf2be72b1177c3152efa3843f313aea2d3cdc2700c2d5
SHA512

eba9adb2ea40f74113b8f8d2eeb3aeeee22a4f355189bbfec96ade7da3ffdbd7f5d4b31921f94f32ac8016ece4d79f4d4285bb00b97e4fcfa9bbdfe8811fbbfd
SSDEEP

49152:+Z2bh6qE0RLLu30871Lu2lftSrkR56i75iNV38FYeOVENfLUjxkjL:w2V6qBLCrA8MrW6iTWfVMfLUML

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4716 wrote to memory of 3880	4716	rundll32.exe	83
PID 4716 wrote to memory of 3880	4716	rundll32.exe	83
PID 4716 wrote to memory of 3880	4716	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b06996845a31cffe079bf2be72b1177c3152efa3843f313aea2d3cdc2700c2d5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4716
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b06996845a31cffe079bf2be72b1177c3152efa3843f313aea2d3cdc2700c2d5.dll,#1
  2⤵
  PID:3880