c093b4b036effa94fbdf7ce4afbf6948a82480a38c4249331dd18245eecacfaf

Analysis

max time kernel
190s
max time network
203s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 09:09

Target

13fc1f08d3257c5cc372b618eba1e4fc.dll
Size

74KB
MD5

13fc1f08d3257c5cc372b618eba1e4fc
SHA1

a26643a1ab2c0c8ea1349a41cb7ca39eebe9482a
SHA256

c093b4b036effa94fbdf7ce4afbf6948a82480a38c4249331dd18245eecacfaf
SHA512

bf56ba8d4d188b828f065439ccb04e36f5e89ed6de18c50d28c842ef209a616138d284d430cc490d431415377c7e275cdb5006ada121a9f9abe7f7b1b46c8b0d
SSDEEP

1536:Ft6FXruDHtD/pwNYekQcSLWQRwK7B6DeCS9TwVtQH5h9op2pnr:6a1/zePvLZRpIDeSVtsh9opS

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3992 wrote to memory of 2000	3992	rundll32.exe	88
PID 3992 wrote to memory of 2000	3992	rundll32.exe	88
PID 3992 wrote to memory of 2000	3992	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13fc1f08d3257c5cc372b618eba1e4fc.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3992
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13fc1f08d3257c5cc372b618eba1e4fc.dll,#1
  2⤵
  PID:2000