6fa6c5d85c5615d365003af8ad7526de16d550340f5e8798e0b2eb9414b85d21

Analysis

max time kernel
201s
max time network
225s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 05:17

Target

0fcdb9a9971b4dc3b394ad8d424f1b42.dll
Size

69KB
MD5

0fcdb9a9971b4dc3b394ad8d424f1b42
SHA1

25b8c23dd9f3877cfd5fca5e630c5ac04e5f0955
SHA256

6fa6c5d85c5615d365003af8ad7526de16d550340f5e8798e0b2eb9414b85d21
SHA512

d56bc66d092818a98185f077bc5127a7bd2f00404e125d9af6c82f1d3e32be086d6592cc089ba76362a49cfd90aa603dc411ab130b601be4f49f86191dfc74d1
SSDEEP

1536:Cn97n0fuqR45XM4HG+GaV5gnXolN7gyQzBE9C2ejLn8Zd88G+I:o5XMuGbolN7vK2QYZd88pI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3704 wrote to memory of 5048	3704	rundll32.exe	85
PID 3704 wrote to memory of 5048	3704	rundll32.exe	85
PID 3704 wrote to memory of 5048	3704	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fcdb9a9971b4dc3b394ad8d424f1b42.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3704
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0fcdb9a9971b4dc3b394ad8d424f1b42.dll,#1
  2⤵
  PID:5048

memory/5048-1-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download
memory/5048-0-0x0000000000440000-0x000000000044A000-memory.dmp

Filesize
40KB

Download