3a7849461256054c5c9f2a7ec2388076fcd073eed776b16ed17e919a21d696cc

Analysis

max time kernel
140s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 01:02

Target

1efab0c368f73ba929db20d46d0e6caf.dll
Size

150KB
MD5

1efab0c368f73ba929db20d46d0e6caf
SHA1

c001b98e43c4eed35e0e783e4234df46c4295fb9
SHA256

3a7849461256054c5c9f2a7ec2388076fcd073eed776b16ed17e919a21d696cc
SHA512

0df8e2b8443f0db5cde94f2304e347b6e536ca55ce43e6bd1a2aa398bed83c9b66e3df0368a575f82d69c2f8d1ae3bc543a8bd3b27ef3e3b8d8f1a89d045887b
SSDEEP

1536:pRTQsIwIJkuvfZ/AuwhjTUemzoIcV+cYFD63nQtIDmUz2iu6MmpbQ3RPor+RTyfz:tDyxvfGhtx+bDQmIxiShfqsER

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4772 wrote to memory of 4640	4772	rundll32.exe	17
PID 4772 wrote to memory of 4640	4772	rundll32.exe	17
PID 4772 wrote to memory of 4640	4772	rundll32.exe	17

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1efab0c368f73ba929db20d46d0e6caf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4772
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\1efab0c368f73ba929db20d46d0e6caf.dll,#1
  2⤵
  PID:4640

memory/4640-0-0x0000000010000000-0x0000000010029000-memory.dmp

Filesize
164KB

Download