181c4c6f3bd4197513f29d051386f57e2b7899a35cdefe66b48cc40fc5557aae

Analysis

max time kernel
146s
max time network
112s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2024 07:39

Target

4320eedb550a6c2e88de1864332ec2e1.dll
Size

14KB
MD5

4320eedb550a6c2e88de1864332ec2e1
SHA1

211be7dc88f8db7f6dd6bfc1b855aa71895b8137
SHA256

181c4c6f3bd4197513f29d051386f57e2b7899a35cdefe66b48cc40fc5557aae
SHA512

6411a64c712eb603f39e41ebeb799b8fbb8c2a0e9b84c5aa461069aa2e4dc7970b8e2d8dcdacf209d85777b99160aa58a902f40d274b2f8725197f6d465eaa01
SSDEEP

192:bZXlQfsPDrIddZlG+ZSrJc6II3CD6mooBRKj85v/OIQkkNE+8hb6AyvWeck:VVdPfUZy3CD6LoBRfv/9WEd4eeck

Score

8^/10

Blocklisted process makes network request 2 IoCs

flow	pid	Process
31	3800	rundll32.exe
43	3800	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4540 wrote to memory of 3800	4540	rundll32.exe	14
PID 4540 wrote to memory of 3800	4540	rundll32.exe	14
PID 4540 wrote to memory of 3800	4540	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#1
1⤵
- Blocklisted process makes network request
PID:3800

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4320eedb550a6c2e88de1864332ec2e1.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4540