9107c6fc44fe5e27a886851beb14eb033cb74e555bf3fb02517caae74d796e0e

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 07:17

Target

11ed9fb65947b0be0e4165144ba2a507.dll
Size

58KB
MD5

11ed9fb65947b0be0e4165144ba2a507
SHA1

8555f213c0ea839339604226fa99969485cc1807
SHA256

9107c6fc44fe5e27a886851beb14eb033cb74e555bf3fb02517caae74d796e0e
SHA512

76a535a321f7b4b4b878ba7dc1e8ee100776867bbbbe9fc6d26c9e2ad846a8b631ca88028c3d62a1431432bbde7477572b6d2462ca00bc0f113d04b00f629799
SSDEEP

1536:agF0eiyUcbhrHLlUk2nX2tdgUhHhenDayB2UzfG3Jq6K:t2yFNHxUk2+dZdhenGyBXz2VK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4576 wrote to memory of 3156	4576	rundll32.exe	14
PID 4576 wrote to memory of 3156	4576	rundll32.exe	14
PID 4576 wrote to memory of 3156	4576	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ed9fb65947b0be0e4165144ba2a507.dll,#1
1⤵
PID:3156

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\11ed9fb65947b0be0e4165144ba2a507.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4576

memory/3156-0-0x0000000010000000-0x0000000010011000-memory.dmp

Filesize
68KB

Download