8d3b8979ac9f98fb7e916ac475acf978dbbcd61d2716a7fc7c47da7f03bd100b

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2023 10:56

Target

17112023_2229_Anesthesiology.dll
Size

1.6MB
MD5

ee8ecace1c6a2a5f112de7261051080a
SHA1

5c11b97e44d7b6684a5b3781aa676019ee436c88
SHA256

e88d394fbf29fec83a119f86f2c338a3c9997872b971294d973c16f65c53f0a6
SHA512

6a76144b7600b184aee25e7b8ea18fd272f28c5651ad61362afde330e3b09991fa365fb0866f27cafe451de04db2067f60024902d77d276054c90f2bd8ab49dc
SSDEEP

24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8B:IvZ9djrT/HLlvIYabSymLyQYGAHgO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 4696 wrote to memory of 1560	4696	rundll32.exe	rundll32.exe
PID 4696 wrote to memory of 1560	4696	rundll32.exe	rundll32.exe
PID 4696 wrote to memory of 1560	4696	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4696
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology.dll,#1
  2⤵
  PID:1560