633dfc0fc1b6608af27af0de8c9f20ba595a83b18698dbbf9507e181751913f3

Analysis

max time kernel
146s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 02:36

Target

4d1eaefb5a89460617c09781ced22e1d.dll
Size

73KB
MD5

4d1eaefb5a89460617c09781ced22e1d
SHA1

72f3e592389bfa6a3b0b61f015899cda7df88eeb
SHA256

633dfc0fc1b6608af27af0de8c9f20ba595a83b18698dbbf9507e181751913f3
SHA512

35016fd3faf63ebde0c30bbf7438147ad24cf1f58d7787c64c3790ec367dd74359cbf8f4984375ed8e1e0408c964b3bb5ce89ce4d3a700e204a6f77cf1fc57cd
SSDEEP

1536:H/+lis8usYy0G9LU16Q+vTAiHvEfTdLRJERZ354n1RUmPDdkdl+yNvm:Glis85YlMQ+vTVHsZLRKsJPiO

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2960	2256	rundll32.exe	76
PID 2256 wrote to memory of 2960	2256	rundll32.exe	76
PID 2256 wrote to memory of 2960	2256	rundll32.exe	76

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1eaefb5a89460617c09781ced22e1d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4d1eaefb5a89460617c09781ced22e1d.dll,#1
  2⤵
  PID:2960