561ac9394509138348480e01174b172865a62e459b513eaf563e56383f6245d2

Analysis

max time kernel
509s
max time network
523s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
30-06-2024 18:26

Target

PROPAMAT/FlDTEServicesLibrosPE.dll
Size

72KB
MD5

573da21499d514dd8b880965f1e1c375
SHA1

169643906a88cfad0f76f8b18a0c8a9dd9e4950e
SHA256

4ad5bb50c44dfdc0308510b7daf66ecf25d45441dd9eac22cfd0e3b8b03c7e32
SHA512

08d076f1d244b11421a7cc749cbe2c8d883efb741758c3d609fef655422bacaa16f21837a8e7dfa1b24a7983ed2dce7da83ba993564d25b68f27bd71f71842e7
SSDEEP

768:SMffYyWAV/69ZDXsoSze73u3QJrPS5z4bGGfu1LzDGM/6acTRUwNJiGS975S0/IH:SMffp4JfudPZ/IRVN7E75S0/IBJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 1124 wrote to memory of 2652	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 2652	1124	rundll32.exe	rundll32.exe
PID 1124 wrote to memory of 2652	1124	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PROPAMAT\FlDTEServicesLibrosPE.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1124

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PROPAMAT\FlDTEServicesLibrosPE.dll,#1
2⤵
PID:2652