1448d4793beca6e5740db91ed442ddd93fdd57119f131ff15ea13c997b60a620

Analysis

max time kernel
147s
max time network
141s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2023 08:38

Target

6061a1e817e53c21167bd4a1e899aa14.dll
Size

840KB
MD5

6061a1e817e53c21167bd4a1e899aa14
SHA1

b70b4d0d59f1af30e537e6c518e42623660baaa2
SHA256

1448d4793beca6e5740db91ed442ddd93fdd57119f131ff15ea13c997b60a620
SHA512

0d99bd6579e38936baa754e8600244d64a0de08432e74812fe4e6d87b1cc5ab2de0eb664839483b4f5adffd048c1e61497288da78cf4a4c30259bb9f379bf99a
SSDEEP

12288:rX2rHgSWr20se68Ol7uyFMTFt29jAu48GHyC7fJbFCHnDeA+8cf55SL5tRsHyI:rXUo20l68VyFYt25K86fJx4a8Q553T

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 2208	4968	rundll32.exe	15
PID 4968 wrote to memory of 2208	4968	rundll32.exe	15
PID 4968 wrote to memory of 2208	4968	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6061a1e817e53c21167bd4a1e899aa14.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6061a1e817e53c21167bd4a1e899aa14.dll,#1
  2⤵
  PID:2208