c38809cff06deb27896a1f30469c12c648e1ccbfb3058841cb619ccfff1fdbcb

Analysis

max time kernel
139s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 22:45

Target

3b413d97060e24d280dd0f4872b9b903.dll
Size

277KB
MD5

3b413d97060e24d280dd0f4872b9b903
SHA1

1cb71d9732b88e5644fde414e1317c93af9b4c7b
SHA256

c38809cff06deb27896a1f30469c12c648e1ccbfb3058841cb619ccfff1fdbcb
SHA512

587d99ef299d9292599eb205cc31e071669dabe6edfd240857cce13d0e5e101de0e5fadb15830cecae4fce240c80e12577a994c9a5971dd65013ab4fb250d862
SSDEEP

6144:pyl/zy8Orezu7I/mfzJGpgJina9Lcp9UBvkUPVOtjV/EAZ9Qt0ebGZqABySwAp8k:pO/zy88ezu6mfzJGpgJrTkUPViebSqVg

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2336 wrote to memory of 1868	2336	rundll32.exe	90
PID 2336 wrote to memory of 1868	2336	rundll32.exe	90
PID 2336 wrote to memory of 1868	2336	rundll32.exe	90

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b413d97060e24d280dd0f4872b9b903.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2336
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3b413d97060e24d280dd0f4872b9b903.dll,#1
  2⤵
  PID:1868