419c51d8608fe5b1c3fa9c033f82433c9838bed880c5316c8d81e753436fe994

Analysis

max time kernel
140s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 23:54

Target

Windows-Activator-main/BIN/x86/slc.dll
Size

6KB
MD5

e2840606372ab67b7107ce757d506c28
SHA1

87c1c645eba6d6a2aa695d4fd2ece5fc5e5568ef
SHA256

37e20a504ade965184d92ed5ca415cde899090a6a20ea3abf8c85ff9648b66f4
SHA512

cf7914a6a8c6d878caeb7f726f86fbdc77d2ea246d9ea600d82a0c66e4154ee0acdbd3ff5949523b35642735d741fde39d177e5d4aff83ea4475ef84e0188ab6
SSDEEP

96:B42g18NxaCRTqVSv6SqjNK03LhxMX7Z1NXSEsAYEiXR2PQ9zy:SQRTYSv6bzxMX7Z1NXSEsSlPky

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4900 wrote to memory of 524	4900	rundll32.exe	84
PID 4900 wrote to memory of 524	4900	rundll32.exe	84
PID 4900 wrote to memory of 524	4900	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows-Activator-main\BIN\x86\slc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4900
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\Windows-Activator-main\BIN\x86\slc.dll,#1
  2⤵
  PID:524