f41361260452ca88234175b4ab0aaa458178fb5c22a4798b4c68cafd3602e11d

Analysis

max time kernel
140s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2023 14:34

Target

LVANLYS.DLL.4.dll
Size

1.1MB
MD5

a3ab9487e0b22fc4649a8740ee1a9b93
SHA1

31c04b32826659370e9710f7a19978786945bea4
SHA256

ccccef69b29da22e543eeec2148eeab3984cc34f8bc2efd6e9083dc1750abcde
SHA512

7a4992313ecbc38577e4618b125f0e84a12eb9b2bd244a6a1c2a814097fa5cc20d9ddb85a4316931db0c464cf8889399335900c718e3b18a66570ae69c101896
SSDEEP

12288:zGdEwW11qjgBHmXxLfO4TEFps2RPjGBRwvbCAV8dcnRkstAC+sfBsl7pIaN7yaSx:zGawW11+xL2bDscLGByidcnfH8pIj/W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 3924	1324	rundll32.exe	88
PID 1324 wrote to memory of 3924	1324	rundll32.exe	88
PID 1324 wrote to memory of 3924	1324	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\LVANLYS.DLL.4.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\LVANLYS.DLL.4.dll,#1
  2⤵
  PID:3924