e286cdcc309437a6555d7914219b3d760d4eeec97fe700e352b67ac0d6544a89

Analysis

max time kernel
179s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:06

Target

3cbd57713a88ab3db384b9003117dba7.dll
Size

64KB
MD5

3cbd57713a88ab3db384b9003117dba7
SHA1

720489da413c8bff274632c3db856505a2a0480c
SHA256

e286cdcc309437a6555d7914219b3d760d4eeec97fe700e352b67ac0d6544a89
SHA512

e0683b7202b22462caa8091c754f31d3cc817ba35a812026f34d5d0936b8c6f123525993fb54db5608bc6e47fca90f048e45257af31a0309d81b6cc66fdf9305
SSDEEP

768:aHLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3q8:aWaC+Ltq1lyTCM8nzN4los68

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4456 wrote to memory of 4400	4456	rundll32.exe	57
PID 4456 wrote to memory of 4400	4456	rundll32.exe	57
PID 4456 wrote to memory of 4400	4456	rundll32.exe	57

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cbd57713a88ab3db384b9003117dba7.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cbd57713a88ab3db384b9003117dba7.dll,#1
  2⤵
  PID:4400