ecb5f68c374c1611c13142318907c12cefbf1df590c25dd58c9ee3a45dc006d6

Analysis

max time kernel
152s
max time network
165s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 08:53

Target

13cea6fb7d1999d6fa3ad6ac458be738.dll
Size

47KB
MD5

13cea6fb7d1999d6fa3ad6ac458be738
SHA1

552c9ebdda1d3496035d1dccba4bc8cde1e396c0
SHA256

ecb5f68c374c1611c13142318907c12cefbf1df590c25dd58c9ee3a45dc006d6
SHA512

227f8bededb69a4acd71dfe2240e67c58c13fe4f677a1e34b9cd01bc20d8dc4e92a1e5dbf56b859955f4c834d930f3ac1bd2c2bf50bbcab36de1b915a12cdc46
SSDEEP

768:VNpaJI/mgUhkjPToAlvr9rck8BDMy3LtN7ioDgl+1+2QqZ83:VF/mAjPToARU/btYoo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5104 wrote to memory of 4292	5104	rundll32.exe	88
PID 5104 wrote to memory of 4292	5104	rundll32.exe	88
PID 5104 wrote to memory of 4292	5104	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cea6fb7d1999d6fa3ad6ac458be738.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5104
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\13cea6fb7d1999d6fa3ad6ac458be738.dll,#1
  2⤵
  PID:4292