cddc7c774570b556d8d391203f8084e97850f3cee8a482a0c36ea74de348da2f

Analysis

max time kernel
127s
max time network
139s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
23/07/2023, 22:52

Target

languages/en_XM/WDBackupVSC - Copy.dll
Size

13KB
MD5

edc67208f16c68027016a8cc1e3a71b0
SHA1

d86cec5ff03a3d1ff9a05a3972fdeb03f4d9a362
SHA256

e5f3ecbb575d40a150d14728b9d8e702b34620375e2631ce1b04b7fb367e1b5d
SHA512

ccc2b04396cedc977b637c7df5247364f0e719ade8b5f5a1bfd05c16e7e8f49c87c5e5cfbdc7e7517d6890735694a983fad0b1550f452768757ea6a8704e6c0b
SSDEEP

192:fNkuiP+hgZk3ymyb8z6Ij1bbcDVnYe+PjPPrIztB+vvtr9ZCspE+TM4rpaVo:fDiPn8Z5jlbcRnYPLExZeM0

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 3428	2780	rundll32.exe	70
PID 2780 wrote to memory of 3428	2780	rundll32.exe	70
PID 2780 wrote to memory of 3428	2780	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\languages\en_XM\WDBackupVSC - Copy.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\languages\en_XM\WDBackupVSC - Copy.dll",#1
  2⤵
  PID:3428