125825a306ba91d336549823be0fd81dde05b4080794ba91b6b66892bc4e259a

Analysis

max time kernel
163s
max time network
174s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 19:11

Target

36f0d39eac787f1fb1be6b737d96c721.dll
Size

1.1MB
MD5

36f0d39eac787f1fb1be6b737d96c721
SHA1

87b6b05a80efcdab16656943f1ae0fe810e364c1
SHA256

125825a306ba91d336549823be0fd81dde05b4080794ba91b6b66892bc4e259a
SHA512

9312901d61615549ae8d5dbfd945a19fa0d4fb547b0eee2f764f6d28272c82a398136284d4766f8e58385ad2ebb025f33c93da577596c2ff63b62b4ece885099
SSDEEP

24576:whF/F2zWPK6IsOW4ezRY5I5q2HMbr1sXGR1jbwEs6:G/NPKF9QzR55q2HortRB5

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4936 wrote to memory of 2652	4936	rundll32.exe	88
PID 4936 wrote to memory of 2652	4936	rundll32.exe	88
PID 4936 wrote to memory of 2652	4936	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f0d39eac787f1fb1be6b737d96c721.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4936
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\36f0d39eac787f1fb1be6b737d96c721.dll,#1
  2⤵
  PID:2652