c0d180391e986e658626dc2a70b88742ada63b5e093dac7ec10fd547af224e9e

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 15:46

Target

b512becb197f4e8e4e636e6eb8095a38.dll
Size

36KB
MD5

b512becb197f4e8e4e636e6eb8095a38
SHA1

08ef98e76b9a3f6ac753463671e55c5fa0b0394b
SHA256

c0d180391e986e658626dc2a70b88742ada63b5e093dac7ec10fd547af224e9e
SHA512

3b795556d9b7df94fd49f2c2c39c8f24f0ab1e4130c6b2ea1287ac5d55575603837c6454c95adc09ee29ab47efc923fe151046ce2ab05cabd3854acf13351ae1
SSDEEP

384:28Vw4bUnZFHmwf7eBOajTfqDAd8YYN3T0SnuBBQARQkne3/SValE:28Vw427KIAd8YYNj0SuBBQARQkCSV2E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1468 wrote to memory of 2252	1468	rundll32.exe	89
PID 1468 wrote to memory of 2252	1468	rundll32.exe	89
PID 1468 wrote to memory of 2252	1468	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\b512becb197f4e8e4e636e6eb8095a38.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1468
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\b512becb197f4e8e4e636e6eb8095a38.dll,#1
  2⤵
  PID:2252