2dfefd6343c93403bcb4cd02b63da42acc2ac9c796a1b021ed8d4508468c0eb2

Analysis

max time kernel
132s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 06:47

Target

1169a028cce324da18514b73f7618f1d.dll
Size

72KB
MD5

1169a028cce324da18514b73f7618f1d
SHA1

07440ba944cd055b5fc25c69e96ea8b54ddb01df
SHA256

2dfefd6343c93403bcb4cd02b63da42acc2ac9c796a1b021ed8d4508468c0eb2
SHA512

641db0b69423da953f4c425e539709d950a9c6b5e6436fbed94ce976fb487908b180c45b2c02cf8e6a393549e4b229ee24f3469a095184279d317ac18b5bed9c
SSDEEP

768:9N8iyPF4m6cv8whSoqljLd0Zf99sHlh1/hpibP36ecMfJdgpdZCWzs0/R/:X0Pu68ToeAfwlh83ncMIdzsA/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2916 wrote to memory of 5100	2916	rundll32.exe	89
PID 2916 wrote to memory of 5100	2916	rundll32.exe	89
PID 2916 wrote to memory of 5100	2916	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1169a028cce324da18514b73f7618f1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2916
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1169a028cce324da18514b73f7618f1d.dll,#1
  2⤵
  PID:5100