bb8212bffd2332b32895c2294ec92c862e3134e4665db6521b91f78c259c7585

Analysis

max time kernel
145s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 02:22

Target

4c68e01fb4d90e4ae4a18ca9787167d0.dll
Size

68KB
MD5

4c68e01fb4d90e4ae4a18ca9787167d0
SHA1

6aa9d9f24816ebdb461dc365c714d78e950451fa
SHA256

bb8212bffd2332b32895c2294ec92c862e3134e4665db6521b91f78c259c7585
SHA512

1617ebdbc2bf80a0d2a73e7eb11730ac013bfb3048dbf49537129323b3cd1a6bb454aed2a7127b1613638ec830ba73d75e2986097b78d0a086a2559fcdd82b49
SSDEEP

1536:tYG5D3OQLNE+AzkSGyGJSMzCmxJSZPxvx3EUWg:td5TOQLNE+AzkSGyGJXzcZJJUr

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 640 wrote to memory of 1972	640	rundll32.exe	17
PID 640 wrote to memory of 1972	640	rundll32.exe	17
PID 640 wrote to memory of 1972	640	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c68e01fb4d90e4ae4a18ca9787167d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:640
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4c68e01fb4d90e4ae4a18ca9787167d0.dll,#1
  2⤵
  PID:1972