af56e30713754fb0c72cde9ca3cbf36ff0aac227788c54f525d31e2fdca3415a

Analysis

max time kernel
99s
max time network
125s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
22/07/2024, 15:47

Target

af56e30713754fb0c72cde9ca3cbf36ff0aac227788c54f525d31e2fdca3415a.dll
Size

2.0MB
MD5

eb85103f4ce67f02b42296b29e370169
SHA1

9ecfac4c8bc85db822e98b8db7f7ad89eb63419b
SHA256

af56e30713754fb0c72cde9ca3cbf36ff0aac227788c54f525d31e2fdca3415a
SHA512

be198dcb2873b3a462e8faafdda7ed6a75c7acd9c087ce9c713329b06d9d5d990b73ac844a7f18358ec90df30820c813da6ad929a46ba04a533a3f0423af3c62
SSDEEP

49152:WI+bch5KDiXet0Dep+NEy68CkyNAANZxucHOqKnFWnI7Z:WfcKDiXet0Dep++y6dkyNAANHSqKnMnG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2784 wrote to memory of 4864	2784	rundll32.exe	81
PID 2784 wrote to memory of 4864	2784	rundll32.exe	81
PID 2784 wrote to memory of 4864	2784	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\af56e30713754fb0c72cde9ca3cbf36ff0aac227788c54f525d31e2fdca3415a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2784
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\af56e30713754fb0c72cde9ca3cbf36ff0aac227788c54f525d31e2fdca3415a.dll,#1
  2⤵
  PID:4864