5785ae5a61ecf0f7cd264fc00b8569400be381dfe38be74dfca9ec12493aa04a

Analysis

max time kernel
102s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 00:00

Target

2ef66c0700887fdd65def84f863a1c70N.dll
Size

6KB
MD5

2ef66c0700887fdd65def84f863a1c70
SHA1

3894a7261a97e3eae25f37ced334ec5dfcbf956c
SHA256

5785ae5a61ecf0f7cd264fc00b8569400be381dfe38be74dfca9ec12493aa04a
SHA512

6430125493b0102bea2cfea1ea86237bb501bff81e8fa17885a76803258d8ee2a09cd6e8dbd1abf9c898b6ca424dabc69beddc71e665675bc747458a672f708e
SSDEEP

96:hy859x0P8Ma7AOXof3kjucqAcxNbOkhyz9/P5PcnTiWj:F5oL/OXof3kj+HxNfeMTpj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3540 wrote to memory of 2416	3540	rundll32.exe	84
PID 3540 wrote to memory of 2416	3540	rundll32.exe	84
PID 3540 wrote to memory of 2416	3540	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ef66c0700887fdd65def84f863a1c70N.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3540
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2ef66c0700887fdd65def84f863a1c70N.dll,#1
  2⤵
  PID:2416