e370c7f25fe189e9d7f8f6cee8c1acb382c8993d258d7a1f2ce264c39f4846c6

Analysis

max time kernel
142s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-02-2024 18:57

Target

8fe79622ab203d953be5e0f8f3ceaeb4.dll
Size

32KB
MD5

8fe79622ab203d953be5e0f8f3ceaeb4
SHA1

eda28eaf36868395a09bfab7e6bc5da7e9e8bb63
SHA256

e370c7f25fe189e9d7f8f6cee8c1acb382c8993d258d7a1f2ce264c39f4846c6
SHA512

6e7bfdfe35b1aebbd53d42f5a268500c510f2353cff4db16f1c41ec515735220dc726c519579f83e45c93d4fe189af4df6d0f6f1a3617dbe6b076ba3a8b03dc0
SSDEEP

384:mL1HL44GYRh6VBZrV21oxL0QCWGC++K6geQuLWo1eQZTxXWPWCYfos4:+1VdP6VBxxLiWGr+We3gYQs4

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2196 wrote to memory of 412	2196	rundll32.exe	38
PID 2196 wrote to memory of 412	2196	rundll32.exe	38
PID 2196 wrote to memory of 412	2196	rundll32.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fe79622ab203d953be5e0f8f3ceaeb4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2196
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8fe79622ab203d953be5e0f8f3ceaeb4.dll,#1
  2⤵
  PID:412