bddc6e8a01b0b8e4b80baa7010b378d75964691877161523c92a6311e69954b0

Analysis

max time kernel
150s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 21:17

Target

1cb86d0e62208d4f5718d8200418b4e2.dll
Size

72KB
MD5

1cb86d0e62208d4f5718d8200418b4e2
SHA1

479f9651a37691e0adf262308cd97fa5e0e835a2
SHA256

bddc6e8a01b0b8e4b80baa7010b378d75964691877161523c92a6311e69954b0
SHA512

77e749c7fc7d07a44d83dfeccac7692ac62909072b681c3b289977e006c40ecb9c89248d43b767f345f794b852042c3ceaa3c052b584b0ccc95a81d9aa274ef4
SSDEEP

768:1iihFTz7bnpvSv0YMwTCco/pa5EFdTxVzzzvfABOb784Nyyfk0NdkQew9jWojLEt:RhF/pvOVCcp5EFdld3o4tk0EMyoLr4x

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1568 wrote to memory of 3960	1568	rundll32.exe	88
PID 1568 wrote to memory of 3960	1568	rundll32.exe	88
PID 1568 wrote to memory of 3960	1568	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cb86d0e62208d4f5718d8200418b4e2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1568
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1cb86d0e62208d4f5718d8200418b4e2.dll,#1
  2⤵
  PID:3960

memory/3960-0-0x0000000002690000-0x000000000269A000-memory.dmp

Filesize
40KB

Download
memory/3960-2-0x0000000010000000-0x0000000010009000-memory.dmp

Filesize
36KB

Download