fcf138aa9377869f1f91b55107559e6f7dfc55e96514a414d018489d7ffac7ce

Analysis

max time kernel
92s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 04:23

Target

66b02d828d536ce4ed2d6eae4da0a27a.dll
Size

57KB
MD5

66b02d828d536ce4ed2d6eae4da0a27a
SHA1

44d48ef3998317c3bbb8d8f73f8682d3597fa338
SHA256

fcf138aa9377869f1f91b55107559e6f7dfc55e96514a414d018489d7ffac7ce
SHA512

ced88f22da162d1d32126ea5f16922d84c71c32984542ce59e46d37d48b9a67847a995648432ab1c715034f616dd639f9f1fb5aed87cb27c873f0f8297da343b
SSDEEP

768:OfbkuHh143hrQVr4j0MyQovVRuCq/72LuuWC29zh2ULGV:ebkuHh143hk14Y3nqqyuWC2Rh2Uq

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3384 wrote to memory of 1780	3384	rundll32.exe	86
PID 3384 wrote to memory of 1780	3384	rundll32.exe	86
PID 3384 wrote to memory of 1780	3384	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\66b02d828d536ce4ed2d6eae4da0a27a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3384
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\66b02d828d536ce4ed2d6eae4da0a27a.dll,#1
  2⤵
  PID:1780

memory/1780-0-0x0000000023730000-0x000000002377D000-memory.dmp

Filesize
308KB

Download