2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf

Analysis

max time kernel
91s
max time network
117s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
21/10/2023, 15:23

Target

2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf.dll
Size

30KB
MD5

b1a9bada63295e97d6775083bd04e857
SHA1

0287cabaa9b814439818093e63bde10ced5f242e
SHA256

2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf
SHA512

eb98ce9ffc918f2e9cdf82a6444c9eef6b1ba12aecf79a10ab38b1669e2633672fa9eef655b85fea1792f51ace5841d9b3522eaa251254d41bea5c282bf5d4bf
SSDEEP

768:ypRrAO9YmckVPxIiTAqMwwyg2ulzxAfv5r6wD1Pe3pU:yrnYmckVPxIiTAqMwm2ulzxAfv1Pe6

Score

1^/10

Suspicious use of WriteProcessMemory 2 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 3900	2828	rundll32.exe	84
PID 2828 wrote to memory of 3900	2828	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cb1eb16d06386cdb9ebb0e97312fd6d4951bf1f36a1ee97ede9cb6c6370f1bf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\system32\rundll32.exe
  rundll32 "C:\ProgramData\Zim5zQ\ixb5IWUo.dll", #3
  2⤵
  PID:3900