b9630c58b0a7306fbfc90ba6ccba01a06f807fbf1f4846b8ac2b303bebbb5883

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 07:53

Target

1046649691d4156c7255ec37fec641e1.dll
Size

12KB
MD5

1046649691d4156c7255ec37fec641e1
SHA1

01c823314daec5d391198b44e6fb921d4ca7a65f
SHA256

b9630c58b0a7306fbfc90ba6ccba01a06f807fbf1f4846b8ac2b303bebbb5883
SHA512

7addc1f8ad37f20b990f6a14589905fc6cf3ca345bc5745c14bd5ce9c290505a42938fa35ab026999cd95765668a746043178f224a4a31ac6ec35c0500625a88
SSDEEP

192:2dBZlcPlKA+OHLMX7pSPmAn61iaOcXk9xR2l078ptSolAWd3WEgU:23yeOHQ7pSPr61W9xIlm8pBAWd3WEg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3864 wrote to memory of 2440	3864	rundll32.exe	16
PID 3864 wrote to memory of 2440	3864	rundll32.exe	16
PID 3864 wrote to memory of 2440	3864	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1046649691d4156c7255ec37fec641e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3864
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1046649691d4156c7255ec37fec641e1.dll,#1
  2⤵
  PID:2440