a26fdd01843e9c2663b74e655f0b4e8acef8899d3bf145454a334f28791f7802

Analysis

max time kernel
142s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:28

Target

2a02cebb05c7d43ef96a5224838d74eb.dll
Size

521KB
MD5

2a02cebb05c7d43ef96a5224838d74eb
SHA1

9340fa96af16905204b793bcb6860c78e2f3cb10
SHA256

a26fdd01843e9c2663b74e655f0b4e8acef8899d3bf145454a334f28791f7802
SHA512

df3c2f5d820e4f615f3ff28aa02e94a5ce2cf9d5d62cb449e3238be6696af52c60644dcd221394050019310faec74a43a729f11e6c4398fedd69d40ac642548e
SSDEEP

768:bBn1rCTyGj65q9Ybb0tH24k/hAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+:bdpjGW5q9YbbYZk/w

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4936	4644	rundll32.exe	14
PID 4644 wrote to memory of 4936	4644	rundll32.exe	14
PID 4644 wrote to memory of 4936	4644	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a02cebb05c7d43ef96a5224838d74eb.dll,#1
1⤵
PID:4936

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2a02cebb05c7d43ef96a5224838d74eb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4644