ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
15-06-2024 02:39

Target

ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll
Size

368KB
MD5

b3e7667a3df5b72cbb332828158b52d1
SHA1

18f95ab75cd3d63536fb978883b4974c879593b9
SHA256

ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250
SHA512

a78b781a727c6211b6e2951538d898c84ff3a0285d8131ebd56b95338890a7a59e6298709044b04dd1d744baa00e126d696c788f1aa201540ce5415956312dae
SSDEEP

6144:sZBDNZl9JOkKfMMW44Uck9VsyJgxXGHV3vvgqqiv7+/7l6fswLMPlMXq53:MBDNZl9JOkK/ck9VsNpOV3Xof/xyBUt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1976 wrote to memory of 544	1976	rundll32.exe	81
PID 1976 wrote to memory of 544	1976	rundll32.exe	81
PID 1976 wrote to memory of 544	1976	rundll32.exe	81

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ecccde1770249e3ccf22e707380dbd3fa973a82be23ded2f4e0929a89dee4250.dll,#1
  2⤵
  PID:544

memory/544-0-0x0000000010000000-0x0000000010070000-memory.dmp

Filesize
448KB

Download