35a7a734e734dbe95b11d0844c1790aa637c440334f221f7117e8d55db9fa5d8

Analysis

max time kernel
151s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:29

Target

01c1ecce8dad2c597172cb7ebfad5b4b.dll
Size

19KB
MD5

01c1ecce8dad2c597172cb7ebfad5b4b
SHA1

d69d2a611a86e65f223c60fbf76e50f3324c9fe7
SHA256

35a7a734e734dbe95b11d0844c1790aa637c440334f221f7117e8d55db9fa5d8
SHA512

f3feb58e5050874fa5e9a132e0b1ed2d80ce6e3e22e0b868020adce152dfe9169ddf5779bf6045929a90ee11641327540a6fe639e08dd35fe5cc4120b35325a4
SSDEEP

384:DZXVCJvjOKBIeACv4fm3OzVXw2a4ubiQ8fOHDX+YeH2VFKIPyb/cpcfGQkr:VVyjOKBIeACv4O3OJw2GbFHDXv2b/cpZ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 3408	1600	rundll32.exe	89
PID 1600 wrote to memory of 3408	1600	rundll32.exe	89
PID 1600 wrote to memory of 3408	1600	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01c1ecce8dad2c597172cb7ebfad5b4b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01c1ecce8dad2c597172cb7ebfad5b4b.dll,#1
  2⤵
  PID:3408