1fc776a29d6c629e48e2312babc5059c13d4049b6254e564e1031fbeb0c1f61c

Analysis

max time kernel
142s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 12:32

Target

6ecbfcb7274d38053dfa031d5561204b.dll
Size

72KB
MD5

6ecbfcb7274d38053dfa031d5561204b
SHA1

e72e3ac1c4eaa734b62bf3b390366a44aaad0c7d
SHA256

1fc776a29d6c629e48e2312babc5059c13d4049b6254e564e1031fbeb0c1f61c
SHA512

d31b88573dfb6f2d730266bebcaa9cbad19590175d7b0bbf063d4c9fb1047dfc606f4d7d66be648b60fca5dc423d7b48463ce53a030b73b87f9e4f9fa3266225
SSDEEP

1536:CK/8+tBGicI+lQ7JwMUp5SUFChkrvzwHUBCbmubdsO4K:sUMlQ7ESMe2rwSCbhbdp4K

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4536 wrote to memory of 2876	4536	rundll32.exe	15
PID 4536 wrote to memory of 2876	4536	rundll32.exe	15
PID 4536 wrote to memory of 2876	4536	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ecbfcb7274d38053dfa031d5561204b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4536
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6ecbfcb7274d38053dfa031d5561204b.dll,#1
  2⤵
  PID:2876