1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3

Analysis

max time kernel
123s
max time network
144s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
13-10-2023 04:18

Target

1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll
Size

102KB
MD5

ed15379ed0c9f2e2cc0c105fc8f08896
SHA1

eb19214f7242ffa308fb1366f619a6293ab5c2e9
SHA256

1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3
SHA512

9c3563fc4f16b124053d21937aabb0be32deda3c673ea04505df662d972352b62ea7488f3d0177d8cc868e9cdda49b298db6ac589a71799025f8bcedd5e70fcd
SSDEEP

3072:+rU7xUICZ+FOIm2Kosm72uQR6wQr77xUZYNS60Z:uEFhgYsS2uQRevNS60Z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 2740 wrote to memory of 2144	2740	rundll32.exe	rundll32.exe
PID 2740 wrote to memory of 2144	2740	rundll32.exe	rundll32.exe
PID 2740 wrote to memory of 2144	2740	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2740

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1ab121c22361884aa13cc654a4e79a6e70240d3ef60bc1e660aeef7bde168aa3.dll,#1
2⤵
PID:2144