27ed9e25513091b6b06ea1dcfd9637d4440d00fbe4252e93dc337c29f78101b8

Analysis

max time kernel
139s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
21/07/2024, 13:52

Target

27ed9e25513091b6b06ea1dcfd9637d4440d00fbe4252e93dc337c29f78101b8.dll
Size

2.0MB
MD5

5e6a6730364cacebd118db8476269b09
SHA1

368cad7fa8cd5d63a26046daed9d1e544dac25a6
SHA256

27ed9e25513091b6b06ea1dcfd9637d4440d00fbe4252e93dc337c29f78101b8
SHA512

5e1830275676c0fae2fd74c7c39d84f3f263897c63ff65408743d9dfc87ef0a5934a3a0503b606d21ff24fb4a8a8319f46aff7e88966ae7ac45251b735ff05ce
SSDEEP

49152:4uKRyJai53roq8DutO8WWDUu6V5Vi3rtAyONFid:4tRyBW8WWDb6V558

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 380 wrote to memory of 1924	380	rundll32.exe	84
PID 380 wrote to memory of 1924	380	rundll32.exe	84
PID 380 wrote to memory of 1924	380	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\27ed9e25513091b6b06ea1dcfd9637d4440d00fbe4252e93dc337c29f78101b8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:380
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\27ed9e25513091b6b06ea1dcfd9637d4440d00fbe4252e93dc337c29f78101b8.dll,#1
  2⤵
  PID:1924