e511a22825577e4071eb283931e25b3ac52f759bf5bfca72e3dab6c775146380

Analysis

max time kernel
148s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25-12-2023 05:53

Target

0980d7f2f0b1658d13311f1ac6acb5c3.dll
Size

60KB
MD5

0980d7f2f0b1658d13311f1ac6acb5c3
SHA1

28b0fa1a0a540dbd32009f144cb3c502cfd47b51
SHA256

e511a22825577e4071eb283931e25b3ac52f759bf5bfca72e3dab6c775146380
SHA512

b9308548a6dd51e60ef4b669d5d4be9e270a2bc1364b1cdd68946c2e5c78d590e45067a333488d27adcdd879451b313e9a652467d69520a7bb9cfc54160677a8
SSDEEP

768:b1jHcYJFnlh49YaMu5WqsA7yYFAhvwxyUllvZZBTAuZO8aUqAxesLfrtQHdXaRo5:5HbnNg5gAegAKXptMhUJpLxo8oIeG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 4980	1120	rundll32.exe	88
PID 1120 wrote to memory of 4980	1120	rundll32.exe	88
PID 1120 wrote to memory of 4980	1120	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0980d7f2f0b1658d13311f1ac6acb5c3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0980d7f2f0b1658d13311f1ac6acb5c3.dll,#1
  2⤵
  PID:4980

memory/4980-0-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download