2fad1a68f44e3a37042a61975284cde8802ad508d6081d6bac7957c00dcff7e9

Analysis

max time kernel
144s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29-12-2023 21:49

Target

04d655d046980e0edca47497577ae963.dll
Size

12KB
MD5

04d655d046980e0edca47497577ae963
SHA1

86931cf466580a8aa1495103fc43be34df98c54b
SHA256

2fad1a68f44e3a37042a61975284cde8802ad508d6081d6bac7957c00dcff7e9
SHA512

71081652749d07ef945eb0a64133c67170b6e4a9fc4ee6446f0d227d4bef28c9a0f9a179753996661fc2401e35230cc0c7bf7587897691a8e49322bb4c01092b
SSDEEP

192:spuD1DpLe4MhMCF2R1Hgl3J0ARd0ObI+M7i5eeAqbbKDe+ujzlY4c:SO3JMZF2XW50A1I+M7iNAqbbV+ujzlm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3248 wrote to memory of 2748	3248	rundll32.exe	39
PID 3248 wrote to memory of 2748	3248	rundll32.exe	39
PID 3248 wrote to memory of 2748	3248	rundll32.exe	39

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d655d046980e0edca47497577ae963.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3248
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\04d655d046980e0edca47497577ae963.dll,#1
  2⤵
  PID:2748