4eb3693cc048e78bef5eee854b8007c0e2f445668e0d01d216daa7324f031779

Analysis

max time kernel
135s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
09/05/2023, 07:24

Target

4eb3693cc048e78bef5eee854b8007c0e2f445668e0d01d216daa7324f031779.dll
Size

1.5MB
MD5

0b30852d3ec3af04d6fbc2cfe05b1606
SHA1

a1434b4c80d0505900048555a0f8a0d204e9b702
SHA256

4eb3693cc048e78bef5eee854b8007c0e2f445668e0d01d216daa7324f031779
SHA512

e5b91675be509031996cd1ee14a3e31694ac0381b7e93e6bb7143be896b9599488f0d2f711f50473218c2e6b8b682b759d133e65128fa16e6f6d709268acaccd
SSDEEP

24576:XQydPb7eCsca9dQkrN2eW8pgTqD0739ozAPglel1EBeFM0Q5vmLJ+/:jWCscOa80qD0C8glecQFJQsLJ2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5096 wrote to memory of 532	5096	rundll32.exe	84
PID 5096 wrote to memory of 532	5096	rundll32.exe	84
PID 5096 wrote to memory of 532	5096	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4eb3693cc048e78bef5eee854b8007c0e2f445668e0d01d216daa7324f031779.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5096
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4eb3693cc048e78bef5eee854b8007c0e2f445668e0d01d216daa7324f031779.dll,#1
  2⤵
  PID:532

memory/532-133-0x00000000750D0000-0x0000000075261000-memory.dmp

Filesize
1.6MB

Download