53c44b626b2754cf3ef77dc1ba7cb9ef39b5a33539915c2b9c2420aaac15c129

Analysis

max time kernel
147s
max time network
87s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 05:56

Target

09bbefd6cf13e2ff9638f32545bec716.dll
Size

92KB
MD5

09bbefd6cf13e2ff9638f32545bec716
SHA1

c12cde705f79aa6350286ee2292f5248c7e50ff3
SHA256

53c44b626b2754cf3ef77dc1ba7cb9ef39b5a33539915c2b9c2420aaac15c129
SHA512

4e3eef885b6e7fdb9541e2b1bb750453c08e0fb0cc95d4a2a073656c9d3a618eb0b4b013b9cda8e0457e71ac65e31b05d326bcb80479bd5cdbdd9f43c3ca1cc4
SSDEEP

1536:EpBxLYP2hwMBlUKI4kLsbid+QZMvx685A9nZyILcnPH/:EPd7wMBqMkYe4QSJ68S9AIwnPH/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 4320	3732	rundll32.exe	15
PID 3732 wrote to memory of 4320	3732	rundll32.exe	15
PID 3732 wrote to memory of 4320	3732	rundll32.exe	15

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09bbefd6cf13e2ff9638f32545bec716.dll,#1
1⤵
PID:4320

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\09bbefd6cf13e2ff9638f32545bec716.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3732

memory/4320-1-0x0000000000F50000-0x0000000000F81000-memory.dmp

Filesize
196KB

Download
memory/4320-0-0x0000000000F50000-0x0000000000F81000-memory.dmp

Filesize
196KB

Download