e16348a5186d0b87c81bbbe685b9d505d7707d76c14a08b4e77cd7481aba04f3

Analysis

max time kernel
155s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01/01/2024, 13:24

Target

3cf8b6bf7378b85aa07f59b800ad64e3.dll
Size

88KB
MD5

3cf8b6bf7378b85aa07f59b800ad64e3
SHA1

6fd1cb78fec46f4781d334de393f0e9a534f076b
SHA256

e16348a5186d0b87c81bbbe685b9d505d7707d76c14a08b4e77cd7481aba04f3
SHA512

2cf19c583ae23aab633a565b199247a2338399fbce25a42fa255f3e6a7a2cdf320643fd21ad52dd9583224b3a29b637e49d14666fb65545ccdb3854bade6457f
SSDEEP

1536:MKPtLPAEgKSbEF8S2a44edFe0ioZlOfKMpwr79jhhsMFHsH4f9:7PtAEfSY+S2a4zd0Z3fKMpSZFFff9

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 1740	3064	rundll32.exe	88
PID 3064 wrote to memory of 1740	3064	rundll32.exe	88
PID 3064 wrote to memory of 1740	3064	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cf8b6bf7378b85aa07f59b800ad64e3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3cf8b6bf7378b85aa07f59b800ad64e3.dll,#1
  2⤵
  PID:1740

memory/1740-0-0x0000000000850000-0x000000000085D000-memory.dmp

Filesize
52KB

Download
memory/1740-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1740-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/1740-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download