e9bd3eabe2cce1eb5de9dbb0e36b656335172f7889c608e2cc525b7c8ef19e06

Analysis

max time kernel
144s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 02:12

Target

4bcf645970e80d68032e83eec1ca05c5.dll
Size

119KB
MD5

4bcf645970e80d68032e83eec1ca05c5
SHA1

7171344deaf396b85c1520534ebc0f70cfa3dc15
SHA256

e9bd3eabe2cce1eb5de9dbb0e36b656335172f7889c608e2cc525b7c8ef19e06
SHA512

cd09cf64d821ba83768b0d1d46805c6ed0fbd2710faf350ad6b2460bc25ab8152ae4c88ac4223d6676d2d4dd41df686f60b7b2fa26e15529c206ed4b37b0e007
SSDEEP

3072:uo4JUnrIBJM8vcQlSRj9vG/zJjwSNu5ydl1usoaQsgX9:iWnrgn0jpGxwYyydzMxN

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1436 wrote to memory of 1040	1436	rundll32.exe	14
PID 1436 wrote to memory of 1040	1436	rundll32.exe	14
PID 1436 wrote to memory of 1040	1436	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bcf645970e80d68032e83eec1ca05c5.dll,#1
1⤵
PID:1040

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4bcf645970e80d68032e83eec1ca05c5.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1436