e3fc3dcfd11bba88ff5df3471741b31648c5c1fe6607fe5fea7f9c185354dee3

Analysis

max time kernel
163s
max time network
173s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 10:58

Target

1900fd44cb02b182cc2e172a55e835f4.dll
Size

172KB
MD5

1900fd44cb02b182cc2e172a55e835f4
SHA1

23bdbd00e38dea8f203fadb849d10a69379fc25f
SHA256

e3fc3dcfd11bba88ff5df3471741b31648c5c1fe6607fe5fea7f9c185354dee3
SHA512

12b3a321ffd45e60390f25dc45cf79b4a0b5d3c4b0e01359a0c13873bb5a514fc13ad8e4a78aec6b59bab3b14a42372895273025199a1e87f7040673797bc24f
SSDEEP

3072:UMQccgI2Lk+PPfNYzJBpBXrqo7aepyVIVCJqApSYIXsLevAXDJj0jvoYB:UMQcEKPf4BPXrvaNVIVEDpSmVDJjX2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4448 wrote to memory of 640	4448	rundll32.exe	90
PID 4448 wrote to memory of 640	4448	rundll32.exe	90
PID 4448 wrote to memory of 640	4448	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900fd44cb02b182cc2e172a55e835f4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1900fd44cb02b182cc2e172a55e835f4.dll,#1
  2⤵
  PID:640