d9d8306339ad71f6e941cdc5426ab5fefdfcfcb3cee8e54780e703d6c1e1ac77

Analysis

max time kernel
145s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
07-03-2023 21:09

Target

WorkshopDL/Modules/Download.dll
Size

24KB
MD5

5db542e04642fc8f991bd2a9fa144137
SHA1

cef470ef240e69359af377676cabd3f764600e40
SHA256

62533e8adb19fb58ce6b4067822389fe6697baf9c0cfce7dc0ec1d95fbd2e7aa
SHA512

d88cc82dc2a6e3d1d1b59120836bdf74f505ce45f7bfb1e7a3f2176df8fb2fc23571c424b8a82f20a80277f151a8427e89aa18cfa4d631a12e444dffb3d3fb3d
SSDEEP

96:1VIXWjD1F3Z2YVoBNIRSWccLttnK8PxOHDxdtWsQYWMNYbpY+qz+l1LbtKpQ0JQI:1V4W/1X27VGtPOHD4Ll5btO3dQEKzo

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3008 wrote to memory of 3056	3008	rundll32.exe	63
PID 3008 wrote to memory of 3056	3008	rundll32.exe	63
PID 3008 wrote to memory of 3056	3008	rundll32.exe	63

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\WorkshopDL\Modules\Download.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3008
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\WorkshopDL\Modules\Download.dll,#1
  2⤵
  PID:3056