1219290eab2871141ac9e467b64dd931424b6f2082b664ef0b83ad7c1409da63

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 11:15

Target

abbfd2ccf155eb009167feb165eb53d0.dll
Size

1.1MB
MD5

abbfd2ccf155eb009167feb165eb53d0
SHA1

7c89382be6f7ac46362b8eb110d8d0e6d2dbf6af
SHA256

1219290eab2871141ac9e467b64dd931424b6f2082b664ef0b83ad7c1409da63
SHA512

12b8b5e0cade7395727707a48a5a82126ee9f1c08c7fac1641f66e81e1b636a4041d8adb8856549b3ddc4ba7fe79a4c55571f0b4e7fcf22d8d398a6f729b2658
SSDEEP

24576:6xH5WzzY8ZwB+0lGKBu+pS0+M3tb0pvaep5ZGr3oyGn:yyk8ZwB+DKBu/0J3tCieDsr0n

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2436 wrote to memory of 64	2436	rundll32.exe	86
PID 2436 wrote to memory of 64	2436	rundll32.exe	86
PID 2436 wrote to memory of 64	2436	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\abbfd2ccf155eb009167feb165eb53d0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2436
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\abbfd2ccf155eb009167feb165eb53d0.dll,#1
  2⤵
  PID:64