c9d482e464b24f563a145e4a4e1b6c4dcc707887bc41d43a08360b41f6145535

Analysis

max time kernel
130s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 19:32

Target

01d700d38a811d4af91b581b37f0e83c.dll
Size

445KB
MD5

01d700d38a811d4af91b581b37f0e83c
SHA1

7898d87b2c6df6b115dbbcd30d498d52b94931b6
SHA256

c9d482e464b24f563a145e4a4e1b6c4dcc707887bc41d43a08360b41f6145535
SHA512

49e91b08c0f40fcb40146fcf70036cb0d5956fc19c7e22c9b0c9108cf3c3a0a23caf1f7145102d4f2ce9c4b5b91c37ca655285c31b1dd5dc6baed486a9841730
SSDEEP

6144:/4TFDZZEKTHAJiKXi4LE4wxHObJ2LG24z/3nZr26tVrl/tg5o8jOcfDvecdQs:/cp/BtKy4LE4wxubJ2Li73ZpjgRdKWQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3324 wrote to memory of 1864	3324	rundll32.exe	77
PID 3324 wrote to memory of 1864	3324	rundll32.exe	77
PID 3324 wrote to memory of 1864	3324	rundll32.exe	77

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\01d700d38a811d4af91b581b37f0e83c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\01d700d38a811d4af91b581b37f0e83c.dll,#1
  2⤵
  PID:1864