f763bad24355c9069435747d1b2fac32d7a0814a6f8ad9faff892558f9c18721

Analysis

max time kernel
188s
max time network
302s
platform
windows10-1703_x64
resource
win10-20230915-en
resource tags

arch:x64arch:x86image:win10-20230915-enlocale:en-usos:windows10-1703-x64system
submitted
10/10/2023, 05:04

Target

qz8t8xRn.dll
Size

2.6MB
MD5

1b4f03d4df76403762df6ef700b0df43
SHA1

1912790b8a3e1ce37bc704d21b7307dab0fbcb71
SHA256

f763bad24355c9069435747d1b2fac32d7a0814a6f8ad9faff892558f9c18721
SHA512

e59037b3cca171cdfa728c99889e9ff8221204b3af690db9bc35ca1ff28248bc18ad50e309fdded479e4afb0cc9c2ac1840d9d593c1a64c65b83453478f8aa88
SSDEEP

49152:JG18JQTJl2ocD3et0sl2lCnnHCm0KrSpLtpjMRB3EZk2FdX:JGiJQ/gQ0+nHCm0OsHQXCJX

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2780 wrote to memory of 4776	2780	rundll32.exe	70
PID 2780 wrote to memory of 4776	2780	rundll32.exe	70
PID 2780 wrote to memory of 4776	2780	rundll32.exe	70

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\qz8t8xRn.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\qz8t8xRn.dll,#1
  2⤵
  PID:4776

memory/4776-0-0x0000000003500000-0x0000000003506000-memory.dmp

Filesize
24KB

Download
memory/4776-1-0x0000000010000000-0x000000001028F000-memory.dmp

Filesize
2.6MB

Download
memory/4776-4-0x0000000005200000-0x00000000052FE000-memory.dmp

Filesize
1016KB

Download
memory/4776-5-0x0000000005300000-0x00000000053E5000-memory.dmp

Filesize
916KB

Download
memory/4776-8-0x0000000005300000-0x00000000053E5000-memory.dmp

Filesize
916KB

Download
memory/4776-9-0x0000000005300000-0x00000000053E5000-memory.dmp

Filesize
916KB

Download