74fa1d946e77dc5a02ecb2d631863940a91d852959f071b9ae0c53a7b15a7743

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
22/12/2023, 16:23

Target

ed91f8c2d5dea85fe82e21448cc6fb0c.dll
Size

25KB
MD5

ed91f8c2d5dea85fe82e21448cc6fb0c
SHA1

0adf16d8fbc308791b6dc86efd45ce6fbfc92ae7
SHA256

74fa1d946e77dc5a02ecb2d631863940a91d852959f071b9ae0c53a7b15a7743
SHA512

27cc51cfe1d80fe10178834e766e7b62a6b4122669b00c6df40d9ba6ef658dd33c51d7c4f0a66570f74a57df675fbf68e0cbfb7a0b5a777d8c2196f7ffd0af07
SSDEEP

384:Cdm7CfpLDyd5VOr/TeMRn1atunVWzkcj0KRSs3IYasoOuipKDY9PK1Xq:1CxHyd5ETJR1aiWzkqsMvNcjZq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 4984	2124	rundll32.exe	88
PID 2124 wrote to memory of 4984	2124	rundll32.exe	88
PID 2124 wrote to memory of 4984	2124	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed91f8c2d5dea85fe82e21448cc6fb0c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ed91f8c2d5dea85fe82e21448cc6fb0c.dll,#1
  2⤵
  PID:4984