cb00989bd0a80b1474c3e2b3fbcb7c9063bfa1c620bd65383090e831f5a067b5

Analysis

max time kernel
139s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
24/01/2024, 05:03

Target

7184c978c82422486843f235c2c79691.dll
Size

28KB
MD5

7184c978c82422486843f235c2c79691
SHA1

221f0b1a8c19eb442132eed0d8e3b0729fdf6d68
SHA256

cb00989bd0a80b1474c3e2b3fbcb7c9063bfa1c620bd65383090e831f5a067b5
SHA512

b3cba3b3739d9bbee94588611385d957675c936467339735840b1b38e1a4dab45b4493d1c63247191ece91ef07839b0ebd2b1047fb7d4b61a2d6efdf61ec665b
SSDEEP

192:2vFQeJd10I7nr0IViQUWLSeKNF061zJeCecAMYJG7jBs3GmBR6nt:2v6ehLnQIIQUTeKNGhb5R4jBs3/r6t

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1952 wrote to memory of 1136	1952	rundll32.exe	68
PID 1952 wrote to memory of 1136	1952	rundll32.exe	68
PID 1952 wrote to memory of 1136	1952	rundll32.exe	68

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7184c978c82422486843f235c2c79691.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1952
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7184c978c82422486843f235c2c79691.dll,#1
  2⤵
  PID:1136