4bd610001e6f10a90065387a8ec799cd55d0f47d6461981b777ddcb1a26251c3

Analysis

max time kernel
146s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
15-07-2024 14:23

Target

4bd610001e6f10a90065387a8ec799cd55d0f47d6461981b777ddcb1a26251c3.dll
Size

3.3MB
MD5

5b1b4203972f479a83f027bfefde62e3
SHA1

62a254292066e113c57f6857d90b7966d69f3d96
SHA256

4bd610001e6f10a90065387a8ec799cd55d0f47d6461981b777ddcb1a26251c3
SHA512

9f2c6b98a5d2c47933098af4332a1aa20f01123ea8f5e132cc07b1fffdd19b7c6220c3474e5efdaadc15432dd232a45b8dd9da025c106b8dcc57f151e7388048
SSDEEP

49152:BaO2Sy762+RWJx9uUHSTzusoIbmls963fTmBSEh5uewAZQ33ESY:ZiW2pf9XSTzHh6m963fqueZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 2412	4220	rundll32.exe	78
PID 4220 wrote to memory of 2412	4220	rundll32.exe	78
PID 4220 wrote to memory of 2412	4220	rundll32.exe	78

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bd610001e6f10a90065387a8ec799cd55d0f47d6461981b777ddcb1a26251c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bd610001e6f10a90065387a8ec799cd55d0f47d6461981b777ddcb1a26251c3.dll,#1
  2⤵
  PID:2412