39f01d34065b63c350a3ffe049e03e41c7365b8ca3b603f7e632bec90c3f8c60

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 20:33

Target

MirServer/Mir200/IPLocal.dll
Size

167KB
MD5

bbf62130e7a5966a2b7b89411ad335c8
SHA1

9f6a0af9525cc6b6df479d3d511e06200571c1b5
SHA256

da61a728a96293d8d99db31d3843a68c3788fca93f630219adfab0e0132dde44
SHA512

52baf478f0dab1bb13e03b6ae47ea48b0cc329a35569cd78473e8c5eeefe0d6474b7ad720cbf90664fd140c9c76dcfdd92bcddee11c8b9c2488b5c114d7babf2
SSDEEP

3072:vqu/oVRpW3b2OQLOhRy7kCmRHnhAQPukkGfeDN/z2HS79BKyJcC:v1o3Ab2VLOhAehhN9vexb2HS79gyK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2700 wrote to memory of 2528	2700	rundll32.exe	89
PID 2700 wrote to memory of 2528	2700	rundll32.exe	89
PID 2700 wrote to memory of 2528	2700	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2700
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MirServer\Mir200\IPLocal.dll,#1
  2⤵
  PID:2528