36a74c87bbd1bb2387fcff0675be5fc471436800fdd6d8aa959281980f94d88c

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 13:28

Target

21bc11cf95f39085060e91e9fb3d152c.dll
Size

26KB
MD5

21bc11cf95f39085060e91e9fb3d152c
SHA1

4bb5c9b8dcb74a2ab4e8c0a5d107608fd48dc8cd
SHA256

36a74c87bbd1bb2387fcff0675be5fc471436800fdd6d8aa959281980f94d88c
SHA512

625df6d0514ac12be5b769cef084597eb614dd8033b42cb6efd813501af03fe898864be2815b1130b2ad512ad0becad4d9b9e0ec3d13aec6b94e5a9044eace64
SSDEEP

384:3F0FEGTzI9b93rHuZoHTF7herK9ds77nOog4ER98zAfnWiSOLJ+ORc9PYP0:3FlSz2uETdhWGs7SofER98HiSOL1RTP0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 2600	3840	rundll32.exe	18
PID 3840 wrote to memory of 2600	3840	rundll32.exe	18
PID 3840 wrote to memory of 2600	3840	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\21bc11cf95f39085060e91e9fb3d152c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\21bc11cf95f39085060e91e9fb3d152c.dll,#1
  2⤵
  PID:2600