35add073d6d6987470da633f417edd90027fe0ce5c23fd246c9e04284ae29307

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 19:09

Target

36d3b7475f097832ea762c45e9bc1b3a.dll
Size

101KB
MD5

36d3b7475f097832ea762c45e9bc1b3a
SHA1

46fc1a134192770fa70f141a851b2ee8b72d6844
SHA256

35add073d6d6987470da633f417edd90027fe0ce5c23fd246c9e04284ae29307
SHA512

aec46bd051fc59ab5b7fcbf5cc00bc74ac19e058cfaa7cb10c01f014225408f957fe53576c9bedae2dde3fdec283791cbf374bc0f25bbb5f4daf09061a48ae6f
SSDEEP

1536:WjbbRlboZ6o6Zkd0vUpw0fPEcivcDzBw0u+grMj567dKG:WXbXboc3MPEJQgrMj56xl

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 5084	1976	rundll32.exe	43
PID 1976 wrote to memory of 5084	1976	rundll32.exe	43
PID 1976 wrote to memory of 5084	1976	rundll32.exe	43

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d3b7475f097832ea762c45e9bc1b3a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36d3b7475f097832ea762c45e9bc1b3a.dll,#1
  2⤵
  PID:5084