f8d4693156e2467233ee02487820a4eefe1ba539ce25329a4767855cfe2e709b

Analysis

max time kernel
93s
max time network
122s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 14:27

Target

258c799d72958bf08744e60ca0252daf.dll
Size

156KB
MD5

258c799d72958bf08744e60ca0252daf
SHA1

464a977eee6fa9eca62f2835fb21e1e0b52c112f
SHA256

f8d4693156e2467233ee02487820a4eefe1ba539ce25329a4767855cfe2e709b
SHA512

0848ae31f06dde829539b846cfefb35628672c2d2ee8fdf3ebf4288f045e73b1249b8d66f595075901d95b6c9da018ec6040b9f69b397e778d80904fa9c4b2d4
SSDEEP

3072:Oeka1bYKHueiKk+GfCxGg+btFKHZawvCd2bP6atIsCF7ZMtcKo:JbniP+GfTgYm1CLsC/Me

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4488 wrote to memory of 4052	4488	rundll32.exe	14
PID 4488 wrote to memory of 4052	4488	rundll32.exe	14
PID 4488 wrote to memory of 4052	4488	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258c799d72958bf08744e60ca0252daf.dll,#1
1⤵
PID:4052

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\258c799d72958bf08744e60ca0252daf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4488