70b0ab8db3f94674a68af6f7450e2e24cdf9f53fcb2a0a3f36ec78b84de90c4a

Analysis

max time kernel
141s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
10/10/2023, 01:22

Target

70b0ab8db3f94674a68af6f7450e2e24cdf9f53fcb2a0a3f36ec78b84de90c4a.dll
Size

40KB
MD5

50b8fae48aba47c1aaac2c4e230f4118
SHA1

4ab8d41492bac0d383761c44cf99c8a3b7c287a3
SHA256

70b0ab8db3f94674a68af6f7450e2e24cdf9f53fcb2a0a3f36ec78b84de90c4a
SHA512

8fd15e2aa12424bb5829e0a9219059472905d833b603684e30359381c030c7eabc7f2b5008f0396144c216b4886507b07076cae54858250667d417c174f166c5
SSDEEP

384:U/N36Ro2Ko78j/0wb/3WFuEQyrkDd82Zz4mbAbBXgu5hDskudtpqWOWXjbQZqHfI:U/NKRo2d7M0XUWgvM//fupqWdXnQsM

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1532 wrote to memory of 5092	1532	rundll32.exe	86
PID 1532 wrote to memory of 5092	1532	rundll32.exe	86
PID 1532 wrote to memory of 5092	1532	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\70b0ab8db3f94674a68af6f7450e2e24cdf9f53fcb2a0a3f36ec78b84de90c4a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1532
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\70b0ab8db3f94674a68af6f7450e2e24cdf9f53fcb2a0a3f36ec78b84de90c4a.dll,#1
  2⤵
  PID:5092

memory/5092-0-0x0000000000F10000-0x0000000000F11000-memory.dmp

Filesize
4KB

Download
memory/5092-1-0x00000000025E0000-0x00000000025E1000-memory.dmp

Filesize
4KB

Download