e0374776d0ef2118ec4ee9c34b669716624857c1613753e23c3563557184e48f

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 22:10

Target

3f2100ee2b7ffa0bd5f82694f27875fc.dll
Size

640KB
MD5

3f2100ee2b7ffa0bd5f82694f27875fc
SHA1

8bf58064df43a907517e32d3d933a8de287b3179
SHA256

e0374776d0ef2118ec4ee9c34b669716624857c1613753e23c3563557184e48f
SHA512

e409a47f5a60f3b58c8fed1f606ef8989e207bd07d3be86aaee9850aee3c1d7ce8d4ae6ff331c6114c84de8f41eba6d6f0a63e4a5ba97991b1e09fd4913d9dae
SSDEEP

12288:oljWP7JbP6hQfLaxEXMlR5kpFPlLSMSnwlwLGnuT3+/ElYHF:olaJbP6hULeEXMlTCLJlwLGnuT3+yYl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3572 wrote to memory of 3316	3572	rundll32.exe	15
PID 3572 wrote to memory of 3316	3572	rundll32.exe	15
PID 3572 wrote to memory of 3316	3572	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f2100ee2b7ffa0bd5f82694f27875fc.dll,#1
1⤵
PID:3316

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3f2100ee2b7ffa0bd5f82694f27875fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3572

memory/3316-0-0x0000000010000000-0x0000000010144000-memory.dmp

Filesize
1.3MB

Download
memory/3316-1-0x0000000010000000-0x0000000010144000-memory.dmp

Filesize
1.3MB

Download