18fb1efac7a965e3be1b7c090324e291fcdaba65ec213619d245aa4aa54387ba

Analysis

max time kernel
140s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 14:05

Target

api-ms-win-core-console-l1-1-0.dll
Size

18KB
MD5

aabbb38c4110cc0bf7203a567734a7e7
SHA1

5df8d0cdd3e1977ffacca08faf8b1c92c13c6d48
SHA256

24b07028c1e38b9ca2f197750654a0dfb7d33c2e52c9dd67100609499e8028db
SHA512

c66c98d2669d7a180510c57bab707d1e224c12ab7e2b08994eb5fd5be2f3dee3dbdb934bcb9db168845e4d726114bce317045027215419d3f13dcfa0f143d713
SSDEEP

192:aBgW1hWi7u7jCjdks/nGfe4pBjSYpP4W5RKTt3E2sVWQ4GWc6CT7yqnaj/6g6dyh:dW1hWLam0GftpBjhFm3S4xltZEU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5664 wrote to memory of 1836	5664	rundll32.exe	87
PID 5664 wrote to memory of 1836	5664	rundll32.exe	87
PID 5664 wrote to memory of 1836	5664	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5664
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\api-ms-win-core-console-l1-1-0.dll,#1
  2⤵
  PID:1836