fe435a179c8a05d1f606ab0ca8d005c6a02a6ce3e38e62c3a0ee5ff1b2fb7270

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2024, 11:27

Target

58cedf8093c8405366dda9b685be4343.dll
Size

332KB
MD5

58cedf8093c8405366dda9b685be4343
SHA1

cdb11cdbe3476e9cbe72e494f11fbc4e3bb45482
SHA256

fe435a179c8a05d1f606ab0ca8d005c6a02a6ce3e38e62c3a0ee5ff1b2fb7270
SHA512

c833377a8dce91a0557c94ef1ae883f7892c56830673525cef52ecdc267d69e6006bc2e8ecb07e776f156cf1e7aaaac519f201fdfd6ca2fb493f0bf626eb2947
SSDEEP

6144:1BfIKr+1TgYWTxisfqebbC6ry6VEwB5fGzl2S+XsRAHrAC8l58X:7IKSBwliqqmPj5D84rA

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2268 wrote to memory of 1564	2268	rundll32.exe	83
PID 2268 wrote to memory of 1564	2268	rundll32.exe	83
PID 2268 wrote to memory of 1564	2268	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58cedf8093c8405366dda9b685be4343.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2268
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58cedf8093c8405366dda9b685be4343.dll,#1
  2⤵
  PID:1564

memory/1564-0-0x0000000010000000-0x0000000010056000-memory.dmp

Filesize
344KB

Download
memory/1564-1-0x00000000020D0000-0x00000000021D0000-memory.dmp

Filesize
1024KB

Download