cddc2c2586dfd22d26302fa54b4b37f324b34fdec62f00b596cd3b5fb33e1dd2

Analysis

max time kernel
142s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 03:10

Target

0c916e43528b63528140976764d70896.dll
Size

64KB
MD5

0c916e43528b63528140976764d70896
SHA1

205a1c098284b93a889359d9bc11c7b0c0b0702a
SHA256

cddc2c2586dfd22d26302fa54b4b37f324b34fdec62f00b596cd3b5fb33e1dd2
SHA512

74868e72db92b62b15bfd35b02e556d116cedbfefde61366a1ad7219e6e6d7dd20d909a274c739c77405d7206a325f55c80d9c291064bfa9d853878bc330a549
SSDEEP

768:NHLEjXqOcy48wA+LkoqW8lyTxkw9U2p26wbzC5sdxMjiB9UQgwWHiGOs3q6:NWaC+Ltq1lyTCM8nzN4los66

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3840 wrote to memory of 4208	3840	rundll32.exe	88
PID 3840 wrote to memory of 4208	3840	rundll32.exe	88
PID 3840 wrote to memory of 4208	3840	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c916e43528b63528140976764d70896.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3840
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0c916e43528b63528140976764d70896.dll,#1
  2⤵
  PID:4208