f36dd83cea965b8453f6e74f6d005ed683afc992d30148d0a5a32de523c59ab2

Analysis

max time kernel
152s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 13:07

Target

1978d6b6c04ff2b517aaee19b98acdca.dll
Size

218KB
MD5

1978d6b6c04ff2b517aaee19b98acdca
SHA1

3d68480d024a3a08ef40ea7a9b55b036a31343c5
SHA256

f36dd83cea965b8453f6e74f6d005ed683afc992d30148d0a5a32de523c59ab2
SHA512

5cf12e5c1ef59e560002bcbde482ecbc9b113547cbd1345b42a3928d8551875644cb91d094f5094deea124517c0a427237c5d936eb0df8b3bc35be1d3ef71ebc
SSDEEP

6144:7J0Um15VzGPstBMFrHgnUS2X7YTzZ1sAeqvte9:7WU2aPIBMFrHgnUS2kTzDsAeCte

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 3140	744	rundll32.exe	15
PID 744 wrote to memory of 3140	744	rundll32.exe	15
PID 744 wrote to memory of 3140	744	rundll32.exe	15

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1978d6b6c04ff2b517aaee19b98acdca.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1978d6b6c04ff2b517aaee19b98acdca.dll,#1
  2⤵
  PID:3140