2b291c96a41ee187cdd57ea141e01744295d5012568890daef67bbab4322d4c3

Analysis

max time kernel
147s
max time network
52s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 07:56

Target

3c4f44608e210342c3507bc56f5d6d39.dll
Size

10KB
MD5

3c4f44608e210342c3507bc56f5d6d39
SHA1

0ba507a25fc67ba637ac8fe8f748648b06866b76
SHA256

2b291c96a41ee187cdd57ea141e01744295d5012568890daef67bbab4322d4c3
SHA512

d9607be4aa58c1f4ead4d0e74984be07004ac41971707203e30c4e4de16b966a63bc5d8251384daf15d2f81be53e8cc0daced04ae35dedab9a3a2885ba5c6a5c
SSDEEP

192:ohcZF3dORCzPk1+3yxcwlJAofY0qC7nVVgDSBdjulXg1TnejPtQTX8kgUwuJd:ohcZfICz81YyxcuqTkVVgDS+lX2tD/d

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2264 wrote to memory of 3908	2264	rundll32.exe	14
PID 2264 wrote to memory of 3908	2264	rundll32.exe	14
PID 2264 wrote to memory of 3908	2264	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c4f44608e210342c3507bc56f5d6d39.dll,#1
1⤵
PID:3908

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3c4f44608e210342c3507bc56f5d6d39.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2264

memory/3908-0-0x0000000025000000-0x0000000025017000-memory.dmp

Filesize
92KB

Download
memory/3908-1-0x0000000025000000-0x0000000025017000-memory.dmp

Filesize
92KB

Download