5ce5f9e641331fae82051151d74db875754169018032147df3bdc3c82a5886b4

Analysis

max time kernel
147s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 17:09

Target

07905e504bbe38b8dfb179c94b941f05.dll
Size

91KB
MD5

07905e504bbe38b8dfb179c94b941f05
SHA1

37db37454f632b4bf6a41b8835ad8d4c1281907c
SHA256

5ce5f9e641331fae82051151d74db875754169018032147df3bdc3c82a5886b4
SHA512

77cf633807f70b5e351e082f7c6440d66a724e196e894c5785ad51ee91405fd3bfc335ee78658db3b06e582414d16cc2aecb0db9b8ddf06d385eb0eb44b9da58
SSDEEP

1536:yOomgB3I+MGJRByZbyLkWl4JHYJUYH0x0aqUln5IUmDjoXF:9omgpIkJRkYkWl41YJX0VqUln5I+

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2032 wrote to memory of 4456	2032	rundll32.exe	37
PID 2032 wrote to memory of 4456	2032	rundll32.exe	37
PID 2032 wrote to memory of 4456	2032	rundll32.exe	37

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\07905e504bbe38b8dfb179c94b941f05.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\07905e504bbe38b8dfb179c94b941f05.dll,#1
  2⤵
  PID:4456

memory/4456-0-0x00000000007F0000-0x00000000007FA000-memory.dmp

Filesize
40KB

Download
memory/4456-4-0x0000000010000000-0x0000000010023000-memory.dmp

Filesize
140KB

Download