a408dab00cbdacb02e199eccdf1998c2cee296e29b1f6b69f081ea988d2fdae0

Analysis

max time kernel
147s
max time network
76s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:16

Target

2c5b90c5b36a8e3669853549c7198893.dll
Size

13KB
MD5

2c5b90c5b36a8e3669853549c7198893
SHA1

103f149453abb274cd4811f2ccb42e500db668e3
SHA256

a408dab00cbdacb02e199eccdf1998c2cee296e29b1f6b69f081ea988d2fdae0
SHA512

be99e7bcb68cc0beb67a28b3772449dfab0f790560a0648560e151690fc53eb94e2861c841da7ab0d69d2e99fb67666e01d8981b1bfadd70573fde340b62286f
SSDEEP

192:HixmIS9q0EgWwys9gUi+DoioSMBA/bDPGZ7xdKgIG5tV3X6ThEw9:Higvq0Exa9I+noSMwbDPdgIG5bqTC

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 696 wrote to memory of 1712	696	rundll32.exe	16
PID 696 wrote to memory of 1712	696	rundll32.exe	16
PID 696 wrote to memory of 1712	696	rundll32.exe	16

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c5b90c5b36a8e3669853549c7198893.dll,#1
1⤵
PID:1712

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c5b90c5b36a8e3669853549c7198893.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:696