2bf3f6545ab4c4f2f21fc88153d8f007c3fe5ad0acb8091c244ef541a5345f11

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2024, 12:40

Target

c8a3e6491e9a3fc9c2a97f9e9c6d6690.dll
Size

26KB
MD5

c8a3e6491e9a3fc9c2a97f9e9c6d6690
SHA1

0c88594cb24c7ac563a2bcb0673685f00a1ee59d
SHA256

2bf3f6545ab4c4f2f21fc88153d8f007c3fe5ad0acb8091c244ef541a5345f11
SHA512

05bb9358a8ee39a79250339b8797a0be72a6e1df227490053e6d373e2fbe319ce00d7953c7c4048ce6755ce81ef265e63d54533a0a2cdfab03d876119178f7e5
SSDEEP

384:al7Cyxn2rzBuVqFTkm4+7v9Q4zSUj0vSt+dCIqR2h0xiMdAWDQK7WIzjx+:E7Cheqhkm4+64eUj0vzCxxj+WDQKhh+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2256 wrote to memory of 2028	2256	rundll32.exe	88
PID 2256 wrote to memory of 2028	2256	rundll32.exe	88
PID 2256 wrote to memory of 2028	2256	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8a3e6491e9a3fc9c2a97f9e9c6d6690.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2256
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\c8a3e6491e9a3fc9c2a97f9e9c6d6690.dll,#1
  2⤵
  PID:2028