e0b8d911f8bcf54b99b3f2315a61c5a323eb9a8a132cc988235da864718578fb

Analysis

max time kernel
128s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230831-en
resource tags

arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
submitted
02/09/2023, 14:09

Target

FlDTEImpresionPE_JC.dll
Size

28KB
MD5

3e763883cc8aa0c7e469c2487bc84e3f
SHA1

c6bbe56e4681badb31b07707717c56919f8e1a93
SHA256

e0b8d911f8bcf54b99b3f2315a61c5a323eb9a8a132cc988235da864718578fb
SHA512

57b2f5ff934b4197ad2d19e41b3e425a0b66b0f4da07fbb2558588b6184562824fd5523fe22e00f4ad01a99e452014072648fbe2fe6b72e74a49da5f1499cc43
SSDEEP

192:L7mEXmIk6uN81g0Te5Q4HmC60Xn1ZVCnlYJL/ePkX9F5RKMzXdXjUqSBM:LismbTh08XnnxqPG9F5RKMzX8M

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4328 wrote to memory of 1600	4328	rundll32.exe	44
PID 4328 wrote to memory of 1600	4328	rundll32.exe	44
PID 4328 wrote to memory of 1600	4328	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\FlDTEImpresionPE_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4328
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\FlDTEImpresionPE_JC.dll,#1
  2⤵
  PID:1600