384ec376e68c67acbfa8686dd2eba9565bb3b9610b524f66be56a150e0815da0

Analysis

max time kernel
138s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:07

Target

141b2bcb6e8e46c5a9012b74af86261c.dll
Size

38KB
MD5

141b2bcb6e8e46c5a9012b74af86261c
SHA1

4be1cfa2a9507fb49da6674ae826960c2a95eaa7
SHA256

384ec376e68c67acbfa8686dd2eba9565bb3b9610b524f66be56a150e0815da0
SHA512

2071cf10dd484556761971ab47d38db1cc053d21de2f633a5bd6c09126e2b989c0d17a7e7c654705121dd92fd6ab4f66e9bce5ab2e69bc6a1872ac3ea9fa1462
SSDEEP

768:ht2YH5sl4woC/8ehij9al+72frDXNSGijYRDtF3f:zj5sl0CphijQg72frsLYRDtFP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2416 wrote to memory of 4888	2416	rundll32.exe	43
PID 2416 wrote to memory of 4888	2416	rundll32.exe	43
PID 2416 wrote to memory of 4888	2416	rundll32.exe	43

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\141b2bcb6e8e46c5a9012b74af86261c.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\141b2bcb6e8e46c5a9012b74af86261c.dll,#1
  2⤵
  PID:4888