c2b8e2cdd97914d5de49bbf8daf5a0b5918dce4136376a6ae3d9c42b481e6c4c

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 22:19

Target

c1bfbe2f5e110f32259d0a14de1afa5b.dll
Size

80KB
MD5

c1bfbe2f5e110f32259d0a14de1afa5b
SHA1

3caeb8209593187950c7c80fd188096b542582e4
SHA256

c2b8e2cdd97914d5de49bbf8daf5a0b5918dce4136376a6ae3d9c42b481e6c4c
SHA512

a2e0754c1520524cd99ab9e96225b7d32f346fec8a08575c5a74ef2ad068060d7ea523a30c738367bb6072aa0f91d2747fc8ac759a915406b4b9d305f82fa1d3
SSDEEP

1536:zmpox5mWmSjacVLmjM8U+vzuRnX7zDIOOMHqr/PgxmeEPHl:6yjaqLmouvyR7IOBHqUEPH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 2800	4416	rundll32.exe	86
PID 4416 wrote to memory of 2800	4416	rundll32.exe	86
PID 4416 wrote to memory of 2800	4416	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1bfbe2f5e110f32259d0a14de1afa5b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c1bfbe2f5e110f32259d0a14de1afa5b.dll,#1
  2⤵
  PID:2800