e4c92d3b44d7a74d3b4af43dd3a3aec751c3c67771fc52e4f91e1a0b6f235a71

Analysis

max time kernel
139s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230824-en
resource tags

arch:x64arch:x86image:win10v2004-20230824-enlocale:en-usos:windows10-2004-x64system
submitted
28-08-2023 01:43

Target

e4c92d3b44d7a74d3b4af43dd3a3aec751c3c67771fc52e4f91e1a0b6f235a71.dll
Size

108KB
MD5

796c349ac225f003c8e0d25c33f3449b
SHA1

6026db5563fb643c7b8e09fcf4a4ce11e13f24b5
SHA256

e4c92d3b44d7a74d3b4af43dd3a3aec751c3c67771fc52e4f91e1a0b6f235a71
SHA512

2a82260ed410b92c2eb8c427110dd1e73fe8054531a2e40a9228acd9f9195e0afc06e0cc4d16c9968b356e731ce62bfe19fc0e079188034ee51cbd8057435b1a
SSDEEP

3072:b35ka+zDnQt8laF7WOxbKsls1N6c8K+X3GsGbaGWWFr:lT+zVQ9b3lsP/tPP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3960 wrote to memory of 768	3960	rundll32.exe	84
PID 3960 wrote to memory of 768	3960	rundll32.exe	84
PID 3960 wrote to memory of 768	3960	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c92d3b44d7a74d3b4af43dd3a3aec751c3c67771fc52e4f91e1a0b6f235a71.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3960
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\e4c92d3b44d7a74d3b4af43dd3a3aec751c3c67771fc52e4f91e1a0b6f235a71.dll,#1
  2⤵
  PID:768