cd06bfeaf36b6c10a5643f41969e66b1308ebb0b90a00ad57c99298f0fc98ec6

Analysis

max time kernel
145s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 18:24

Target

bc7e2045fc44266fae4a20b2920c22b0.dll
Size

224KB
MD5

bc7e2045fc44266fae4a20b2920c22b0
SHA1

1fa7a3189c2ed02160a2a1c24e9a77cedc92356c
SHA256

cd06bfeaf36b6c10a5643f41969e66b1308ebb0b90a00ad57c99298f0fc98ec6
SHA512

53720b7506098a53423b5b495cdf2e09c87398b4e74a3199cd4ea43c558d049c41a06e905d3b28fc8a196b3eb4be458cf721fbb90b1f4861d29821fe5bc602b6
SSDEEP

3072:/EwM94PuKOzvYrXHg5ERCJg0zHp82Gd2J6yxlFpbUXp7p0ZWiP6vevlnCGkJqDy4:sswSA5oag0zH+2Yg6yxnCBCn8FG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 844 wrote to memory of 4372	844	rundll32.exe	86
PID 844 wrote to memory of 4372	844	rundll32.exe	86
PID 844 wrote to memory of 4372	844	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc7e2045fc44266fae4a20b2920c22b0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:844
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bc7e2045fc44266fae4a20b2920c22b0.dll,#1
  2⤵
  PID:4372