3c359aa7e905ea6ae5e0f63fd4746b6351699c78853ccc372cbeb61454790fb1

Analysis

max time kernel
150s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 20:00

Target

0f6fa9ebc4e87ec9bd70d8d6d834adf0.dll
Size

2.3MB
MD5

0f6fa9ebc4e87ec9bd70d8d6d834adf0
SHA1

028e334562e0f99d1be212610fa61d5f80296a65
SHA256

3c359aa7e905ea6ae5e0f63fd4746b6351699c78853ccc372cbeb61454790fb1
SHA512

e32157078b32cdc59cd84f75d8aa0416607ff203d4c420a9ad34e32304cec3982bf6ce42e95ec30a2863776c28bce15c744cb84e56bece027d6a11db5a0c3e67
SSDEEP

49152:gM3LTEwgTrf+lW/kvAAZkSRlrhpvnPlMhqPBFJRyJJeB:gCLTEwgTz+lW/kPBnRy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4560 wrote to memory of 400	4560	rundll32.exe	90
PID 4560 wrote to memory of 400	4560	rundll32.exe	90
PID 4560 wrote to memory of 400	4560	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f6fa9ebc4e87ec9bd70d8d6d834adf0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4560
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0f6fa9ebc4e87ec9bd70d8d6d834adf0.dll,#1
  2⤵
  PID:400