1b5d60b8cd4b7b7aa002c3ca2c01eb05d829033e8c5ed8a5ef83566f9d1180e3

Analysis

max time kernel
100s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19/07/2024, 13:23

Target

9dca7e51d4ff8ace4569f52cdf239200N.dll
Size

81KB
MD5

9dca7e51d4ff8ace4569f52cdf239200
SHA1

a783408de5790885b5c7f5e0736adcc1231e97b1
SHA256

1b5d60b8cd4b7b7aa002c3ca2c01eb05d829033e8c5ed8a5ef83566f9d1180e3
SHA512

c5e3540971f2f7afc3ff47d5066dc221e4b79ab742d74ed6d66334e78a0f144f1a6ea1e7d4e3a77d43a0ca47327d2e67a30610673c7d86e2da833e9d8785671b
SSDEEP

1536:RtByXv7uWGEqXZKXTadSp7Lxw9zzBPw+iASUSFOj8sWHcdF7zenq8W7:R4v4JKXTx71w0ArSsXF3enq8W7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1016 wrote to memory of 3140	1016	rundll32.exe	84
PID 1016 wrote to memory of 3140	1016	rundll32.exe	84
PID 1016 wrote to memory of 3140	1016	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dca7e51d4ff8ace4569f52cdf239200N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1016
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\9dca7e51d4ff8ace4569f52cdf239200N.dll,#1
  2⤵
  PID:3140