56df2d74c483a0cc4483e87cffb31b842ed691db716d970bfbb78140e8e5ce66

Analysis

max time kernel
101s
max time network
101s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 06:27

Target

5c6a3c966aafd06cf476c24f68889950N.dll
Size

177KB
MD5

5c6a3c966aafd06cf476c24f68889950
SHA1

7a01345dccdc4529644ea290241cfabaad7f639d
SHA256

56df2d74c483a0cc4483e87cffb31b842ed691db716d970bfbb78140e8e5ce66
SHA512

abcb77a7996798e692353bce277e3f4780b984d785e00eb7fa9dd15c95b05c4ffd6e362197dd0a5f64ef6cfd427e8f00c17c7455314153d908a3832b3e52cf3b
SSDEEP

3072:ru9O/49HssqUj5RbSUTomFrSrkYCmojkihpCICIGXBJvIicWkip:ru9OAtFTnEwr2FihpCLvMip

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2528 wrote to memory of 4480	2528	rundll32.exe	84
PID 2528 wrote to memory of 4480	2528	rundll32.exe	84
PID 2528 wrote to memory of 4480	2528	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c6a3c966aafd06cf476c24f68889950N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2528
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5c6a3c966aafd06cf476c24f68889950N.dll,#1
  2⤵
  PID:4480