3bfd53f86cfec1e7698d0c2ea18f5ba8e94cf1d18bea02a68defaab725fe9cd1

Analysis

max time kernel
127s
max time network
170s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:49

Target

2c387b93f7848b583c43c280ebf6a177.dll
Size

134KB
MD5

2c387b93f7848b583c43c280ebf6a177
SHA1

55de05d93a1861539fe4380a7c35c41d62f39ab8
SHA256

3bfd53f86cfec1e7698d0c2ea18f5ba8e94cf1d18bea02a68defaab725fe9cd1
SHA512

60659bf777f297846655df19b18b885f00b4335247b40cb6e1cc404faa2ccbed11ddb6dd43bdea88ce3850d77b0ce3e9673fe0c3c720e02c90ddada1ed0b4e75
SSDEEP

3072:jI1C1Ehl5GTtSEByqEMBnDJVnG4whFltDbYHUiIwBBw:7QlETtSEBM6DJlGLbtsbBe

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2688 wrote to memory of 4816	2688	rundll32.exe	89
PID 2688 wrote to memory of 4816	2688	rundll32.exe	89
PID 2688 wrote to memory of 4816	2688	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c387b93f7848b583c43c280ebf6a177.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2688
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\2c387b93f7848b583c43c280ebf6a177.dll,#1
  2⤵
  PID:4816

memory/4816-0-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/4816-2-0x0000000002150000-0x00000000022E9000-memory.dmp

Filesize
1.6MB

Download
memory/4816-3-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/4816-1-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/4816-4-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/4816-5-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download
memory/4816-6-0x0000000010000000-0x000000001003A000-memory.dmp

Filesize
232KB

Download