c2111a2c6922d99e84f03d80d21dabfbc54a95b12af55169eb97afa39180aa47

Analysis

max time kernel
142s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 23:57

Target

7e57269cad5ab71e05f3d9c345671052.dll
Size

16KB
MD5

7e57269cad5ab71e05f3d9c345671052
SHA1

5ab7df27364bfe98d1c050866ab86960b8d055e4
SHA256

c2111a2c6922d99e84f03d80d21dabfbc54a95b12af55169eb97afa39180aa47
SHA512

c0cb2cb0933c1e18201ca491f347d8f3cb2c4ee973d880bfe12735d21ff04e1b30e34a3b3fd4537e6761f8396ad263182e6bbec21ae0a9d27a9e289471691da0
SSDEEP

384:ZA4lK8duI57CyoUFvV72O9PnWpvt48f16qe9wj5DL:q4lPhtoUOSnWpF796qeqFDL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 392 wrote to memory of 5028	392	rundll32.exe	83
PID 392 wrote to memory of 5028	392	rundll32.exe	83
PID 392 wrote to memory of 5028	392	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e57269cad5ab71e05f3d9c345671052.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:392
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7e57269cad5ab71e05f3d9c345671052.dll,#1
  2⤵
  PID:5028

memory/5028-0-0x0000000000C30000-0x0000000000C36000-memory.dmp

Filesize
24KB

Download
memory/5028-1-0x0000000000C30000-0x0000000000C36000-memory.dmp

Filesize
24KB

Download