8f8262c05b6d495bcf21c20a272b6ef4fa927b1fd72b9e9d14732527bc17ac56

Analysis

max time kernel
102s
max time network
104s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 00:19

Target

2ba4a40aa616e83f9cf18e4d6f2c5150N.dll
Size

7KB
MD5

2ba4a40aa616e83f9cf18e4d6f2c5150
SHA1

9f3a9878dc7bb448b7afa0f6b53a7a4efef2f94c
SHA256

8f8262c05b6d495bcf21c20a272b6ef4fa927b1fd72b9e9d14732527bc17ac56
SHA512

a5586cf63268186af71d4335ed51fdf7045ff65a88cf7bb27ec8a25277f0462dc05ae6c9a0ff35a64904d3bd8f56779fa6c21ea267b8015eb5d30384e7129e62
SSDEEP

96:z0QR9B6BvAwb/DiSXedzLcVsj5XubaEZw5ai6e8EA/emenn7kT:JR94/bhX1fCai6F/B67kT

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 736	5056	rundll32.exe	84
PID 5056 wrote to memory of 736	5056	rundll32.exe	84
PID 5056 wrote to memory of 736	5056	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5056
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ba4a40aa616e83f9cf18e4d6f2c5150N.dll,#1
  2⤵
  PID:736