676713759a4c28d8f9e2d69d7e92dbd1d98db937ac23751a4b51f11ef2f8fcde

Analysis

max time kernel
147s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 19:52

Target

0efa72e365adcaaa18c253712310ed6e.dll
Size

36KB
MD5

0efa72e365adcaaa18c253712310ed6e
SHA1

7a6aa5cc1d89db55cee2f84d03a379ded6edd2be
SHA256

676713759a4c28d8f9e2d69d7e92dbd1d98db937ac23751a4b51f11ef2f8fcde
SHA512

8142c329c4cd6430795303284ef30e5cd79808c68a9d4a7562f7e58fc11cba0fde47ab1168b8e73d2c02e34cfca3667438e5d756d9becea2a58acf5e20aae664
SSDEEP

384:TjxpIhLvc/BlU5NrvgNVB8AGMRWW+ZcMAgKwsFqMWDtf0KaJZG1IyUS43ucGruQ8:5pIh6UewAWtPDKKa2QUrem+qluFe+z

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4828 wrote to memory of 1564	4828	rundll32.exe	14
PID 4828 wrote to memory of 1564	4828	rundll32.exe	14
PID 4828 wrote to memory of 1564	4828	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0efa72e365adcaaa18c253712310ed6e.dll,#1
1⤵
PID:1564

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0efa72e365adcaaa18c253712310ed6e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4828

memory/1564-1-0x00000000006E0000-0x00000000006E3000-memory.dmp

Filesize
12KB

Download
memory/1564-0-0x0000000074B10000-0x0000000074B3E000-memory.dmp

Filesize
184KB

Download
memory/1564-2-0x0000000074B10000-0x0000000074B3E000-memory.dmp

Filesize
184KB

Download