ec4f2bd3094b8c35c39e20ed96c55453dddde0bf4c01b37344320e55bc2fe440

Analysis

max time kernel
144s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28-12-2023 20:34

Target

f6499dc090e96a6dbff7788b8847ba88.dll
Size

358KB
MD5

f6499dc090e96a6dbff7788b8847ba88
SHA1

e20c587a28150d5a952ea1cad5a55882c933bd72
SHA256

ec4f2bd3094b8c35c39e20ed96c55453dddde0bf4c01b37344320e55bc2fe440
SHA512

c12953d717247bdc28ccbe5c0639a46c40eb169978da80f4bf14789fa301aa70a5192e22c9e5af6ad99180168dc1669b3f63cc8a4dc1dcc99893d41c77967abb
SSDEEP

6144:aF4wMbe4DsDmxYDQCUclkE9USvG0ylZPtjn8gDoPrqhtKbhVAapq0QmJghKg:7Jbe4DUtDv5Hl+rnP2g2rk6HqFhL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2248 wrote to memory of 5104	2248	rundll32.exe	30
PID 2248 wrote to memory of 5104	2248	rundll32.exe	30
PID 2248 wrote to memory of 5104	2248	rundll32.exe	30

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6499dc090e96a6dbff7788b8847ba88.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f6499dc090e96a6dbff7788b8847ba88.dll,#1
  2⤵
  PID:5104

memory/5104-1-0x00000000025E0000-0x00000000026E0000-memory.dmp

Filesize
1024KB

Download
memory/5104-0-0x0000000010000000-0x000000001005E000-memory.dmp

Filesize
376KB

Download