62cfeec19e1f8c6d63c348bf0faaae3dbe8e4db9b2ddb1fc0aeabda947071ada

Analysis

max time kernel
147s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:06

Target

13d5b8399de0848a7b2f010155d42f9b.dll
Size

244KB
MD5

13d5b8399de0848a7b2f010155d42f9b
SHA1

c16b3e4a35646c8a18d39e9b993a622789218c81
SHA256

62cfeec19e1f8c6d63c348bf0faaae3dbe8e4db9b2ddb1fc0aeabda947071ada
SHA512

154a32dd77f9ccedcc5db96d4ea2e23016a46ee2402483312ea3392d875b2c10ae1879f3c24f639dc973186192e5f2aafca5d6d1fc93cd082539ba973cc26d6f
SSDEEP

6144:3mH7TsYSpVY6cIlSjuxJKyadgRsqdwCgyThEgXpOuARlLWHAR:3mvkC6JFwCgyVEIayHA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4000 wrote to memory of 2652	4000	rundll32.exe	66
PID 4000 wrote to memory of 2652	4000	rundll32.exe	66
PID 4000 wrote to memory of 2652	4000	rundll32.exe	66

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13d5b8399de0848a7b2f010155d42f9b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13d5b8399de0848a7b2f010155d42f9b.dll,#1
  2⤵
  PID:2652

memory/2652-0-0x0000000000B50000-0x0000000000B8D000-memory.dmp

Filesize
244KB

Download
memory/2652-1-0x0000000000B50000-0x0000000000B8D000-memory.dmp

Filesize
244KB

Download