54eeaf2314ef9a047b6d157150be498f93570ec27492d8ccee6e8ef99da6b00b

Analysis

max time kernel
102s
max time network
103s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 07:27

Target

6550cc00d08bb117be1fe4f611b558f0N.dll
Size

4.6MB
MD5

6550cc00d08bb117be1fe4f611b558f0
SHA1

d601fa23d571f7b490d45c783c477a6b55772d9e
SHA256

54eeaf2314ef9a047b6d157150be498f93570ec27492d8ccee6e8ef99da6b00b
SHA512

2982a587882175ee44e9104e61176a787e1735401c308c7ff510fd009ab57cf86e7e3a037f5902ce114ff36753c6ea42fd984479c6332eedcf2878c422d7782b
SSDEEP

98304:NPMvLNHzP6JliHXLa41RaywJkwon+AoQ69fYWF8irG4FjXLPT:NiiMHr1R12kOAFSYAhHXLb

Score

1^/10

Suspicious behavior: EnumeratesProcesses 4 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5108 wrote to memory of 2380	5108	rundll32.exe	84
PID 5108 wrote to memory of 2380	5108	rundll32.exe	84
PID 5108 wrote to memory of 2380	5108	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6550cc00d08bb117be1fe4f611b558f0N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5108
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6550cc00d08bb117be1fe4f611b558f0N.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2380

memory/2380-3-0x000000007463D000-0x00000000748B8000-memory.dmp

Filesize
2.5MB

Download
memory/2380-0-0x0000000002450000-0x0000000002451000-memory.dmp

Filesize
4KB

Download
memory/2380-5-0x0000000074620000-0x0000000074D52000-memory.dmp

Filesize
7.2MB

Download
memory/2380-6-0x0000000074620000-0x0000000074D52000-memory.dmp

Filesize
7.2MB

Download
memory/2380-7-0x0000000074620000-0x0000000074D52000-memory.dmp

Filesize
7.2MB

Download
memory/2380-8-0x000000007463D000-0x00000000748B8000-memory.dmp

Filesize
2.5MB

Download