6a0677d38a73288ffd303c7bed3bfcf9a1c368e05eaa6da19ce0e37054ea4325

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 10:24

Target

670fdabee279dfa7d6bba4894cd6cbb6.dll
Size

90KB
MD5

670fdabee279dfa7d6bba4894cd6cbb6
SHA1

6b20df94f50d7ba91e6234b41540dbc36721ac15
SHA256

6a0677d38a73288ffd303c7bed3bfcf9a1c368e05eaa6da19ce0e37054ea4325
SHA512

131aca46b9d261d056f27ee0eeee0a7904ed05abfdc3a11a7cc64fc528eda42a3e1bceff83c90efa8944e9dbb01c27f39457ca3139a165e8c1d331c491c47d7e
SSDEEP

1536:KsWGHeLBAjdqPd0xnhBbgA6UBeiFT0mYpDKyLC75F1UsJABsi3/P9ACO:FWHokOVheHmYYyLY9eX9ACO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2280 wrote to memory of 4888	2280	rundll32.exe	14
PID 2280 wrote to memory of 4888	2280	rundll32.exe	14
PID 2280 wrote to memory of 4888	2280	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670fdabee279dfa7d6bba4894cd6cbb6.dll,#1
1⤵
PID:4888

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\670fdabee279dfa7d6bba4894cd6cbb6.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2280