2bc5f2eead7753507f0813056e1889dfcee1d9b13dd41c3a97de66a6ea000045

Analysis

max time kernel
142s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 04:23

Target

3fe2c10589258125a19d2bb2e983df23.dll
Size

16KB
MD5

3fe2c10589258125a19d2bb2e983df23
SHA1

a2db6da059cd5fa816883cce85cb6a8ffc194789
SHA256

2bc5f2eead7753507f0813056e1889dfcee1d9b13dd41c3a97de66a6ea000045
SHA512

5c104784ea179a74e7e323d25c9b1a477087f84a7d3d6e0fb106175353cded1f319bed92db192e76d2c7a827770384e52946763fce9f9476af7afc9ec7e6aa65
SSDEEP

384:Afd86oxFP6w3ZedXyfhM//8ysrhY8oSBaaE5pPINz4e9:AffoxFP6wJeV+he/8yeDYpp

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3712 wrote to memory of 2212	3712	rundll32.exe	17
PID 3712 wrote to memory of 2212	3712	rundll32.exe	17
PID 3712 wrote to memory of 2212	3712	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fe2c10589258125a19d2bb2e983df23.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3712
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fe2c10589258125a19d2bb2e983df23.dll,#1
  2⤵
  PID:2212

memory/2212-0-0x0000000000C60000-0x0000000000C66000-memory.dmp

Filesize
24KB

Download
memory/2212-1-0x0000000000C60000-0x0000000000C66000-memory.dmp

Filesize
24KB

Download