62b0afc5f04c684e952c055bc56de6feb8636004376911b540d7429fdbd95e9f

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
02-02-2024 00:17

Target

880b3fecdaa588ecb0283dcfdca4912f.dll
Size

24KB
MD5

880b3fecdaa588ecb0283dcfdca4912f
SHA1

b781648226de82fc3fda99d47aeeeb0bde1e0a91
SHA256

62b0afc5f04c684e952c055bc56de6feb8636004376911b540d7429fdbd95e9f
SHA512

2fadcb3bde1d96a38bc2ee64267ea8b1b4bf65a34f9356dc3e394e72cbbb1f3aa8c64d9c26f82e1b6c32be8fa9dc9576661f5d0a37cd7131aca472f7f38df941
SSDEEP

192:osNGS9RWanc9Lht82SrBOUzk9m4VM8GjFVemPej8V1TqMXk0:ocG8W59LhtEQA/4O82FV9PS8Vkwk0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2932 wrote to memory of 1452	2932	rundll32.exe	85
PID 2932 wrote to memory of 1452	2932	rundll32.exe	85
PID 2932 wrote to memory of 1452	2932	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\880b3fecdaa588ecb0283dcfdca4912f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2932
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\880b3fecdaa588ecb0283dcfdca4912f.dll,#1
  2⤵
  PID:1452