163265111551d46b99f7f456717d0e224c7e0473f2fde7c21b234a8467cc2b00

Analysis

max time kernel
150s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 11:07

Target

35d00da96d36c97869d7be7bd7d287f0_JC.dll
Size

1.5MB
MD5

35d00da96d36c97869d7be7bd7d287f0
SHA1

8e33f258996e81b9b82046f03bb8eed1f95f6200
SHA256

163265111551d46b99f7f456717d0e224c7e0473f2fde7c21b234a8467cc2b00
SHA512

6860a5f58a0d343cf66ec16ad421ab6209150c6c172405b55842c8d111f2cc610a3183f7a241a2712b77f1e9b3aceb142f1bcb620d825c08a98236207628bcc9
SSDEEP

24576:U/Z03s3Az0XDVkQ2+lQknHwi6+csawhKLGeMS91XsGkZ/89nGaQ6iL:U/Z0MNTVj2nk3hKDMS9FsGc/8nt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4424 wrote to memory of 8	4424	rundll32.exe	86
PID 4424 wrote to memory of 8	4424	rundll32.exe	86
PID 4424 wrote to memory of 8	4424	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\35d00da96d36c97869d7be7bd7d287f0_JC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4424
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\35d00da96d36c97869d7be7bd7d287f0_JC.dll,#1
  2⤵
  PID:8

memory/8-0-0x0000000002DC0000-0x0000000002DC6000-memory.dmp

Filesize
24KB

Download
memory/8-1-0x0000000010000000-0x0000000010182000-memory.dmp

Filesize
1.5MB

Download
memory/8-3-0x0000000002F50000-0x0000000003063000-memory.dmp

Filesize
1.1MB

Download
memory/8-4-0x0000000003070000-0x0000000003167000-memory.dmp

Filesize
988KB

Download
memory/8-7-0x0000000003070000-0x0000000003167000-memory.dmp

Filesize
988KB

Download
memory/8-8-0x0000000003070000-0x0000000003167000-memory.dmp

Filesize
988KB

Download