cbe215637450f2f3ac8c6fca2f50ba97324cbce2048ceba609627dad68bfcca2

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 14:11

Target

cbe215637450f2f3ac8c6fca2f50ba97324cbce2048ceba609627dad68bfcca2.dll
Size

319KB
MD5

44bba4d1a829a10d8b351d6026704a96
SHA1

0290abf0530a2fd2dfb0de29248ba3cabb58d2ad
SHA256

cbe215637450f2f3ac8c6fca2f50ba97324cbce2048ceba609627dad68bfcca2
SHA512

7213a88d50e32a232d188971761dae9faaf02bf028421942e1b60f32cd340ab5951965d3336822e8755c2a808ff7ee39e0b1a9f8e3841f682fbd867a469404a4
SSDEEP

6144:xVCEfET8L9c+lsk1EC3ldTIvnTJprrZVKWALjZu43ehvOTH7WX:xVCoETKEC3TULJprdnKjZu43ehi7WX

Score

8^/10

Blocklisted process makes network request 1 IoCs

flow	pid	Process
41	4680	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 644 wrote to memory of 4680	644	rundll32.exe	84
PID 644 wrote to memory of 4680	644	rundll32.exe	84
PID 644 wrote to memory of 4680	644	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe215637450f2f3ac8c6fca2f50ba97324cbce2048ceba609627dad68bfcca2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\cbe215637450f2f3ac8c6fca2f50ba97324cbce2048ceba609627dad68bfcca2.dll,#1
  2⤵
  - Blocklisted process makes network request
  PID:4680