4c92997d0ef696acfb50633416902e6b7b3cccca6fd98721bd2658c846fd9576

Analysis

max time kernel
149s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 14:44

Target

mtkjw/vclbase.dll
Size

876KB
MD5

aa4bb917ec754f0ce3a4cd90ace78ba6
SHA1

2be0c5d7a56529f7f838f7bea04ad6283355a9bf
SHA256

5b5184fb881e7bc95de31a510218ba06affb1e52c9593ae53c69388a285ff912
SHA512

c97c23e01bf27c76865ea6c44c0b64fc24598b92a619402516133b1c7536a44757934626711355ac173e085f34e70dae1aab85afbc61fb2ba853d44793270009
SSDEEP

12288:gmRfF8e019spmHcya1HH40sZ+IKjBTLb1Tw3oDp2rIaHVLcEgrobz+O:bBcspbY0sY1Vr1T4q2rI8N4ro

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1088 wrote to memory of 3284	1088	rundll32.exe	87
PID 1088 wrote to memory of 3284	1088	rundll32.exe	87
PID 1088 wrote to memory of 3284	1088	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\mtkjw\vclbase.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1088
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\mtkjw\vclbase.dll,#1
  2⤵
  PID:3284

memory/3284-0-0x0000000000BA0000-0x0000000000C80000-memory.dmp

Filesize
896KB

Download