8e6e5763817c18464da1a6f926d815e49f499e3f5563144d8a861fb9f6cb30ee

Analysis

max time kernel
1714s
max time network
1621s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
11/01/2023, 00:05

Target

xlsxflt.dll
Size

329KB
MD5

1eac9c3d11dc21613066a48ce4003a9b
SHA1

2c18e97ccb0bc078c481a0bbb9d41d9eea07bb24
SHA256

4e70af4aaefff115dc6a634123f3a5a237ab005ac76da7534c59e7ebba934ac0
SHA512

e211fcef411a2a0a4009e5484ff0ce18f785d0773696460d1a219b7378fa52d263f379d9bbf254651a519375d08c9eec6a2a12e76701cf56f70d2298e3683105
SSDEEP

6144:4Fi0wvsIeeCv4+s2F+hGKduopJ3a57FLPU9Cu2A9gAqn66IB1tbBPNkhXevePpUw:0VIezv4+s2FbKdu8a57FLPU9Cu29CTBI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2864 wrote to memory of 3624	2864	rundll32.exe	56
PID 2864 wrote to memory of 3624	2864	rundll32.exe	56
PID 2864 wrote to memory of 3624	2864	rundll32.exe	56

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\xlsxflt.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\xlsxflt.dll,#1
  2⤵
  PID:3624