11e2118151ac59f0050ac45b9dc338980a7ca641783246f251f9bd60b70aa860

Analysis

max time kernel
169s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 08:38

Target

127afa231dcc83ded59f508bf3a71066.dll
Size

169KB
MD5

127afa231dcc83ded59f508bf3a71066
SHA1

89f9e702bac63cc07d44bdda36f7feceb5a19986
SHA256

11e2118151ac59f0050ac45b9dc338980a7ca641783246f251f9bd60b70aa860
SHA512

199f6045e2548cdeaf329509638bd08f806164a137dcadd2cdb28898fe76374239e4726037d140358250a4fbc405e387d294cf4b5894cfd6d037c76dfacefac6
SSDEEP

3072:Wfx9dJ6fZqAQmFvEu/U7qpH+U8KXy+OC2MF6yAFB/W/vYo:Wz6AAQmxUuJds3VBeIo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1668 wrote to memory of 2092	1668	rundll32.exe	46
PID 1668 wrote to memory of 2092	1668	rundll32.exe	46
PID 1668 wrote to memory of 2092	1668	rundll32.exe	46

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\127afa231dcc83ded59f508bf3a71066.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\127afa231dcc83ded59f508bf3a71066.dll,#1
  2⤵
  PID:2092