eaef1d4489c3943ae8ea075d1ba1bfd2c6401448df7d1adc369f5fb25653fa83

Analysis

max time kernel
145s
max time network
138s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
11/03/2024, 15:42

Target

c0f76cd5afda0ddfc36fe0f31a0f10cb.dll
Size

33KB
MD5

c0f76cd5afda0ddfc36fe0f31a0f10cb
SHA1

6ba22dd32f29c182002b4647e2fb2954ae4507f7
SHA256

eaef1d4489c3943ae8ea075d1ba1bfd2c6401448df7d1adc369f5fb25653fa83
SHA512

403f9cf73e6eb772aa95c68f49dfaf8d438e3efad6711a05cacf540fc71276389555271a75972328bc88a7765d7690665d582a93024a0ce5897342e08149df13
SSDEEP

768:OvElYOWWUIv9WaTy2hYs6twX8dedW6TBFy0JmLot9oIwEju:HYhIldTy2hYs6i26zy0Zt9PK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3620 wrote to memory of 448	3620	rundll32.exe	87
PID 3620 wrote to memory of 448	3620	rundll32.exe	87
PID 3620 wrote to memory of 448	3620	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0f76cd5afda0ddfc36fe0f31a0f10cb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c0f76cd5afda0ddfc36fe0f31a0f10cb.dll,#1
  2⤵
  PID:448