58ad8cbcc09698b405af41cc336450c37fa7ea8a680836c711a4ae43aabfdb9a

Analysis

max time kernel
146s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 18:39

Target

35277ba5bc796d27ba24d92fa914855a.dll
Size

368KB
MD5

35277ba5bc796d27ba24d92fa914855a
SHA1

55b6c3ccc5b55a1f11c9927a43a8e00b6f4d703e
SHA256

58ad8cbcc09698b405af41cc336450c37fa7ea8a680836c711a4ae43aabfdb9a
SHA512

c730f011e2b0ae8b3cb2d7e23c0f3c900c1f41a9fb0b3869abdce21743d3df2dc19d79e09064a13d81e902117f22bbf223bd6a75f021adf324284ca58046e333
SSDEEP

6144:94+FVS/GrnAD1WpR2CiB5GBCG8jw26TPsfJyENWWUj32oG/ayGGiV7sGKSkp:94+FkKADo61GbPYyEgWM2onii1sGKSk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2828 wrote to memory of 1096	2828	rundll32.exe	16
PID 2828 wrote to memory of 1096	2828	rundll32.exe	16
PID 2828 wrote to memory of 1096	2828	rundll32.exe	16

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35277ba5bc796d27ba24d92fa914855a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2828
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35277ba5bc796d27ba24d92fa914855a.dll,#1
  2⤵
  PID:1096

memory/1096-1-0x0000000010000000-0x0000000010060000-memory.dmp

Filesize
384KB

Download
memory/1096-0-0x00000000022A0000-0x00000000023A0000-memory.dmp

Filesize
1024KB

Download