42b3bf1f4ecc8f87f3065847711467bf7924edc6b8bb48627f35b466a2954e92

Analysis

max time kernel
148s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24-12-2023 22:26

Target

15a225987e045ecf0f64c8cd8c6a6f02.dll
Size

96KB
MD5

15a225987e045ecf0f64c8cd8c6a6f02
SHA1

05a2f52dcb0536709610576d7f8681fce646bf17
SHA256

42b3bf1f4ecc8f87f3065847711467bf7924edc6b8bb48627f35b466a2954e92
SHA512

47f22d0189cecceef06d5032899a9344e710c95d288dec0324ec391041d14b7ee05112d59b6c8bcf6cc076d9fd5936a358ea2bc1fddf3fc41f48108efe4522ec
SSDEEP

1536:5sGaI5mWuvWzTk8GxM8BL2bnY5eth5aW0YyVCTFpDWjfp7Dr:252KkTNv8B6bY5etweLDMR7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4800 wrote to memory of 744	4800	rundll32.exe	88
PID 4800 wrote to memory of 744	4800	rundll32.exe	88
PID 4800 wrote to memory of 744	4800	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a225987e045ecf0f64c8cd8c6a6f02.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4800
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\15a225987e045ecf0f64c8cd8c6a6f02.dll,#1
  2⤵
  PID:744

memory/744-0-0x0000000002BC0000-0x0000000002BD4000-memory.dmp

Filesize
80KB

Download
memory/744-1-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/744-2-0x0000000010000000-0x0000000010013000-memory.dmp

Filesize
76KB

Download
memory/744-3-0x0000000002BC0000-0x0000000002BD4000-memory.dmp

Filesize
80KB

Download