2f44aa03ebdbeaf99de11a02e710a448d2540b7a0390fcd8f6656287eb5f3815

Analysis

max time kernel
142s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
20/08/2023, 12:43

Target

2f44aa03ebdbeaf99de11a02e710a448d2540b7a0390fcd8f6656287eb5f3815.dll
Size

2.0MB
MD5

6b45fc52d050354c7d14f9858551a22d
SHA1

6ec8542b4bc86f954160791c5760a304dcf48c02
SHA256

2f44aa03ebdbeaf99de11a02e710a448d2540b7a0390fcd8f6656287eb5f3815
SHA512

805d0c577fdc7b9dee5eb1be34266a6d0421ea1cf9fffe4bc8bafb6b727b8f7b36aa6951c20eff6941676312135a9620d39a34e9b215751c493dfb999353aed3
SSDEEP

24576:YSdgnW4B3+CkLK9QZt0LKd939n7/f78qtMhbV+CvsmKF5mbNM9c7XcWTW29ROev0:Dgb3+e9QZt0M5VjuFKFXcrrF9ROevzhO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2948 wrote to memory of 1896	2948	rundll32.exe	81
PID 2948 wrote to memory of 1896	2948	rundll32.exe	81
PID 2948 wrote to memory of 1896	2948	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f44aa03ebdbeaf99de11a02e710a448d2540b7a0390fcd8f6656287eb5f3815.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2948
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2f44aa03ebdbeaf99de11a02e710a448d2540b7a0390fcd8f6656287eb5f3815.dll,#1
  2⤵
  PID:1896