d66fb45ac46571e4e0f486e82fc0bd69d157d7cef97584cfdd5f2dcd2e7f38eb

Analysis

max time kernel
92s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
15/07/2024, 09:38

Target

bc654875cf8b5f692e6119361af4ce60N.dll
Size

6KB
MD5

bc654875cf8b5f692e6119361af4ce60
SHA1

b1e52f34861ae23f5ff15eaebfee7987ebe73019
SHA256

d66fb45ac46571e4e0f486e82fc0bd69d157d7cef97584cfdd5f2dcd2e7f38eb
SHA512

5a9784c3ee90113f0cd5db883e3d7c9051d91bbf4141a20c2528a4e5e8d7ccd25f0945f3a249c18a74e462579f17bc224efe6ae39f6833f81501d2ad793cc20f
SSDEEP

48:CCy86+Wet9Q/iooHeiefhe+/lSMYEqkELHx+QGKGCUjANs780dR+OXh0G/ZLT1eC:hy859x0P8MakK/6d/XhN/HHZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 916	4828	rundll32.exe	83
PID 4828 wrote to memory of 916	4828	rundll32.exe	83
PID 4828 wrote to memory of 916	4828	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc654875cf8b5f692e6119361af4ce60N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc654875cf8b5f692e6119361af4ce60N.dll,#1
  2⤵
  PID:916