24d3030b2512ccc6805b40d81a28f39cdc8e54dab9ef263a30711e915de6c909

Analysis

max time kernel
139s
max time network
166s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 01:38

Target

49ebe7d3d56f1ab1a14add88915967b4.dll
Size

1.6MB
MD5

49ebe7d3d56f1ab1a14add88915967b4
SHA1

a030b86355e4df304c1ea29a6c4a6256047b35a2
SHA256

24d3030b2512ccc6805b40d81a28f39cdc8e54dab9ef263a30711e915de6c909
SHA512

85166b2c8a0bc9a2151102baf8ec4f3244c552841ec04ef96e8364a31767162a47c091b7c6e768e0c76680f616ed377f1794aa456e0f2c21ecb7faa4538942cf
SSDEEP

24576:8vnbw87fCpvu+pS0+M3tb0pvaep5Z1ejollsQUfIKKuZAP2pgODaQMFTuLKY3Z:Q2pvu/0J3tCieDJ/sQxKbZ8QMFTuXZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 344	3712	rundll32.exe	89
PID 3712 wrote to memory of 344	3712	rundll32.exe	89
PID 3712 wrote to memory of 344	3712	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\49ebe7d3d56f1ab1a14add88915967b4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\49ebe7d3d56f1ab1a14add88915967b4.dll,#1
  2⤵
  PID:344