227d9442c49650f6166ca6ee1142f812885947537e02578da69bdf5f005ee412

Analysis

max time kernel
149s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 15:37

Target

29d83b97489346cd1aee4df04b3bd13d.dll
Size

841KB
MD5

29d83b97489346cd1aee4df04b3bd13d
SHA1

c827ac70a83003de93bddb745d7d26c5a492e5f5
SHA256

227d9442c49650f6166ca6ee1142f812885947537e02578da69bdf5f005ee412
SHA512

6de84ac2ea5ea8be27f3dc5862d4b278a7f26733c96ad4cf3c62722725ae168d66153ba177f3b64fd49c2de4ce3b2512b0e5f6c2e9e03d02470179142e754982
SSDEEP

12288:1fP9lqzCilr/vdp1ykGiKxBfZMQyE63b46Ipc3abDwf7a4JFtRsoy/:1fvNilr/1p1GbxB4I1wbJ1c

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 4616	1032	rundll32.exe	19
PID 1032 wrote to memory of 4616	1032	rundll32.exe	19
PID 1032 wrote to memory of 4616	1032	rundll32.exe	19

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d83b97489346cd1aee4df04b3bd13d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\29d83b97489346cd1aee4df04b3bd13d.dll,#1
  2⤵
  PID:4616