2335085c2a07390ccf3286dce5f7fca65fe9a9de40e12c7f5b05fb7772cbea7d

Analysis

max time kernel
178s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 10:51

Target

1892903fa86d9a951321a70df4d23061.dll
Size

192KB
MD5

1892903fa86d9a951321a70df4d23061
SHA1

189e7d237be32ebf44773efe9160e15f774bcc8e
SHA256

2335085c2a07390ccf3286dce5f7fca65fe9a9de40e12c7f5b05fb7772cbea7d
SHA512

c50977a4a9863743fde4dcc05047e26004179d8e444dbfbd698e875da3f3640ca53776f7ad3746b867f1423647ad3806109971f3d00e5bc5ad045157ed93c878
SSDEEP

3072:WNbpOnPsGqQTruHLD7RcQxKrrdNU0VAtrOpOOWxOv4Kn7qbjx7T/Hrmf:WNbqaLD7RcukVAtSQOWcgWqbV77Lmf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1856 wrote to memory of 4416	1856	rundll32.exe	53
PID 1856 wrote to memory of 4416	1856	rundll32.exe	53
PID 1856 wrote to memory of 4416	1856	rundll32.exe	53

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1892903fa86d9a951321a70df4d23061.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1856
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1892903fa86d9a951321a70df4d23061.dll,#1
  2⤵
  PID:4416