21862f74b9a3c8ab1b83aa71b5334b056015599ff4c864c1c37ca00df8732e42

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231023-en
resource tags

arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
submitted
20-11-2023 13:29

Target

17112023_2229_Anesthesiology__.dll
Size

1.6MB
MD5

ee8ecace1c6a2a5f112de7261051080a
SHA1

5c11b97e44d7b6684a5b3781aa676019ee436c88
SHA256

e88d394fbf29fec83a119f86f2c338a3c9997872b971294d973c16f65c53f0a6
SHA512

6a76144b7600b184aee25e7b8ea18fd272f28c5651ad61362afde330e3b09991fa365fb0866f27cafe451de04db2067f60024902d77d276054c90f2bd8ab49dc
SSDEEP

24576:JeC6d4Qm5o9dF1rT/ygBLOiaucihUZ5tU80IYabEnNSeyPUFrPmnrw13QiGGAK8B:IvZ9djrT/HLlvIYabSymLyQYGAHgO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3540	2556	rundll32.exe	86
PID 2556 wrote to memory of 3540	2556	rundll32.exe	86
PID 2556 wrote to memory of 3540	2556	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology__.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\17112023_2229_Anesthesiology__.dll,#1
  2⤵
  PID:3540