b8c1c2110c273ec0ab902abec4c0c8886987dbc16eec689436afa316524f015e

Analysis

max time kernel
144s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 19:25

Target

FOTOS_DSC_IMG_1008201_JPG_0000000094893i94893le934jje939333399944059948.dll
Size

179KB
MD5

09d9016a7d9335978cc3102cc482bd32
SHA1

79fc86162c0044a6e3f70dcc7656c96f742fc6ac
SHA256

fdee4cf5e43c53ad9178ebc6c54d95b3f1a3f4d08c83526f2ec5454cc17fd355
SHA512

eeead0616b92f54ec4a2ab19e2d9a0d7808403ffccac4f9c4d6658c102a66158d7523d740c4ebc303fd74d36ebeaf59dc538988a0e2b1f615838424645ceca82
SSDEEP

3072:3/7TJdoC/aRA4CKFlbgg6lnjcfXyrady/tSAJMZk84sK47154AF41SXPY0Ry:3/7PojV4R/2KS/k+lF4Ywb

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3732 wrote to memory of 4788	3732	rundll32.exe	12
PID 3732 wrote to memory of 4788	3732	rundll32.exe	12
PID 3732 wrote to memory of 4788	3732	rundll32.exe	12

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FOTOS_DSC_IMG_1008201_JPG_0000000094893i94893le934jje939333399944059948.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3732
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FOTOS_DSC_IMG_1008201_JPG_0000000094893i94893le934jje939333399944059948.dll,#1
  2⤵
  PID:4788