c10482cbf0fe11ce6e7da8945a7dbd9676031e4598454c26fb8e4613d267051f

Analysis

max time kernel
138s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
18/01/2024, 01:00

Target

6411e9cd66bb5934c2a9d8b8939760be.dll
Size

44KB
MD5

6411e9cd66bb5934c2a9d8b8939760be
SHA1

b9f6933c99809bb877cf3e42d6c709c68e1c7890
SHA256

c10482cbf0fe11ce6e7da8945a7dbd9676031e4598454c26fb8e4613d267051f
SHA512

43a00fb9389876f4a05541fb57449602cd528823566ee378436063201e24cb29189914f05c0cb4dd7b3974709c7eb2863210a09345c1974982c4071d7fd81abe
SSDEEP

768:NBwrjM3+3F7sEs0w7Y9htyxgU1sy/A5wOgW3fBBQARQk56sW:NWwu1M0wkr6OgW3fBBQAR

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2044 wrote to memory of 1568	2044	rundll32.exe	86
PID 2044 wrote to memory of 1568	2044	rundll32.exe	86
PID 2044 wrote to memory of 1568	2044	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\6411e9cd66bb5934c2a9d8b8939760be.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\6411e9cd66bb5934c2a9d8b8939760be.dll,#1
  2⤵
  PID:1568