cd27834713073dc2062d83f979def6041963c765ab6a59736d591d4f25137242

Analysis

max time kernel
135s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 08:02

Target

12e50a34b93c2b444eb2e4d3d95e10dd.dll
Size

182KB
MD5

12e50a34b93c2b444eb2e4d3d95e10dd
SHA1

897466e3ee4e6c067064dcc0cfd8b7fdbd57f686
SHA256

cd27834713073dc2062d83f979def6041963c765ab6a59736d591d4f25137242
SHA512

faf36bdc2978f968990634c9e35bcea6376562fc1020e7158434abfb4bdb0cd54563f7ebbb41afd8016a1f39bc17a1473e912ffcbb0b161bb34aa6cf33adc10b
SSDEEP

3072:2+VoIEDtUiAr4x6hs2OEMjwIvnlkgpMQ8uEOdElM4uuW4NKjVkwQMW:2+VNERr05FgcalzEOqBuQNK

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 1612 wrote to memory of 1144	1612	rundll32.exe	89
PID 1612 wrote to memory of 1144	1612	rundll32.exe	89
PID 1612 wrote to memory of 1144	1612	rundll32.exe	89
PID 1144 wrote to memory of 1232	1144	rundll32.exe	95
PID 1144 wrote to memory of 1232	1144	rundll32.exe	95
PID 1144 wrote to memory of 1232	1144	rundll32.exe	95

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e50a34b93c2b444eb2e4d3d95e10dd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1612
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\12e50a34b93c2b444eb2e4d3d95e10dd.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1144
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\system32\svchost.exe
    3⤵
    PID:1232