b99f11f7d9b50f181b9041fcdb90437c3215c9fc0e1771610480dda7deed66e8

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
22/07/2024, 15:01

Target

b99f11f7d9b50f181b9041fcdb90437c3215c9fc0e1771610480dda7deed66e8.dll
Size

2.0MB
MD5

d4c5cf4391a304c9ddacc5ca6c230dc9
SHA1

3ffb75c3fe9c09be8ab2014c95da7b0a00f35048
SHA256

b99f11f7d9b50f181b9041fcdb90437c3215c9fc0e1771610480dda7deed66e8
SHA512

36ba37046e42433ae1642dcb8ff643baefb5861b2f1bbcc534191f05f2449f34bd02f0fd1ae4f70f6a41477bbb050d595b7db9bd0ea354cce26ad984a4a76483
SSDEEP

49152:Wi+bch5KDiXet0Dep+NWyP8CkyNAANZxucHOqKnFWn47Z:WlcKDiXet0Dep+IyPdkyNAANHSqKnMnW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3924 wrote to memory of 2780	3924	rundll32.exe	84
PID 3924 wrote to memory of 2780	3924	rundll32.exe	84
PID 3924 wrote to memory of 2780	3924	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b99f11f7d9b50f181b9041fcdb90437c3215c9fc0e1771610480dda7deed66e8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3924
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b99f11f7d9b50f181b9041fcdb90437c3215c9fc0e1771610480dda7deed66e8.dll,#1
  2⤵
  PID:2780