7b9ee2a4c0da327bd525e4632503d73c3c06424bde16b5e103fe95c704e311f4

Analysis

max time kernel
148s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 08:38

Target

6064983b084d18c683a18adf974d5558.dll
Size

35KB
MD5

6064983b084d18c683a18adf974d5558
SHA1

2cc9a0b01295cd89024aeb2f2685501e120d5557
SHA256

7b9ee2a4c0da327bd525e4632503d73c3c06424bde16b5e103fe95c704e311f4
SHA512

fae019a6c8ee84c3fadd3af0c87622b6675f4ed2eb9ec2262552992cc1b0e914e5eb86594d848104e4bd66d7eadd77490b38d8719653f161dc8eaaf4dde47376
SSDEEP

768:VtScn27uBZZvy0EgyUWlLhzT7/5PIYCafxIl5D+AOBNgp0yN+C:VR2iZFZECO3CPafmSAOB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2164 wrote to memory of 840	2164	rundll32.exe	14
PID 2164 wrote to memory of 840	2164	rundll32.exe	14
PID 2164 wrote to memory of 840	2164	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6064983b084d18c683a18adf974d5558.dll,#1
1⤵
PID:840

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6064983b084d18c683a18adf974d5558.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2164

memory/840-0-0x0000000010000000-0x0000000010026000-memory.dmp

Filesize
152KB

Download
memory/840-1-0x00000000015E0000-0x00000000015E1000-memory.dmp

Filesize
4KB

Download