24360d0e97a5b2b6fec4899a4b2968307e353d4d757b9214fccc600b64582ab8

Analysis

max time kernel
157s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 16:23

Target

2cd44fe6c7126ec2e94adba6cdfa2881.dll
Size

80KB
MD5

2cd44fe6c7126ec2e94adba6cdfa2881
SHA1

ebfff7f8e15089ce6c9737d7811a4c1a20c6d55f
SHA256

24360d0e97a5b2b6fec4899a4b2968307e353d4d757b9214fccc600b64582ab8
SHA512

e2abcb85a27b5c7e0c6e9fa376c9376536f3dcd6300161586ac4d54bc7dcb8f633423fb210671b712896b11a94d6fa5a1e464002c19316b116b94dab8fe880f9
SSDEEP

1536:3jHOJ2zDJjkVdz+/NagqE3qC6Qp46YyqLgy0JwrUhYZ+YjMft/H:31PagqE3d6Qq6YyqLgy0JwrUBbt/H

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3288 wrote to memory of 4572	3288	rundll32.exe	87
PID 3288 wrote to memory of 4572	3288	rundll32.exe	87
PID 3288 wrote to memory of 4572	3288	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cd44fe6c7126ec2e94adba6cdfa2881.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3288
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2cd44fe6c7126ec2e94adba6cdfa2881.dll,#1
  2⤵
  PID:4572