8c8a1a0afaa57227b2aaeb8d58a458e091695eac98ff257e4b2a993db17375ae

Analysis

max time kernel
136s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
21-09-2023 16:22

Target

RodeMixer_Setup_beta/rodeOutput3.dll
Size

192KB
MD5

52c43baddd43be63fbfb398722f3b01d
SHA1

be1b1064fdda4dde4b72ef523b8e02c050ccd820
SHA256

8c91023203f3d360c0629ffd20c950061566fb6c780c83eaa52fb26abb6be86f
SHA512

04cc3d8e31bd7444068468dd32ffcc9092881ca4aaea7c92292e5f1b541f877bdec964774562cb7a531c3386220d88b005660a2b5a82957e28350a381bea1b28
SSDEEP

3072:5dv7LPsQZTaBdJAnX0x8YJqZ/2NTBf4+oGlM0W7Ubof:53VaBdmX0x8YJqZ/2NTBQ+Y

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3312 wrote to memory of 3984	3312	rundll32.exe	43
PID 3312 wrote to memory of 3984	3312	rundll32.exe	43
PID 3312 wrote to memory of 3984	3312	rundll32.exe	43

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\RodeMixer_Setup_beta\rodeOutput3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3312
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\RodeMixer_Setup_beta\rodeOutput3.dll,#1
  2⤵
  PID:3984