32f5198d1bbac4f34f02bbf0d5349b2260ab5e4395502976221895db05d8530b

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
25/12/2023, 21:18

Target

3d203efc5f289056004042a8491f3989.dll
Size

55KB
MD5

3d203efc5f289056004042a8491f3989
SHA1

471c681bd004d95eb2debb5c3a4c405959dc1696
SHA256

32f5198d1bbac4f34f02bbf0d5349b2260ab5e4395502976221895db05d8530b
SHA512

19d6caf39d85a3e0cb8f4873367c238acecdf7f265c725407078ff0d373b75593aa2e5a6ac6c8240c661f170b9e18f8aaf2a1958c67c597ab34ae308f3b7cee7
SSDEEP

768:ZlaB+icAWcqRGTQEBNLmPgpXf+wbev/nyD6+6XqK4yRFILAfZt5syKXlNptTLQ7H:e2hJRGWgf+7yWZB4yRiuNsyKX3Tf6U

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 396 wrote to memory of 4032	396	rundll32.exe	88
PID 396 wrote to memory of 4032	396	rundll32.exe	88
PID 396 wrote to memory of 4032	396	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d203efc5f289056004042a8491f3989.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:396
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3d203efc5f289056004042a8491f3989.dll,#1
  2⤵
  PID:4032

memory/4032-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4032-1-0x0000000001330000-0x0000000001331000-memory.dmp

Filesize
4KB

Download
memory/4032-2-0x0000000001450000-0x0000000001464000-memory.dmp

Filesize
80KB

Download
memory/4032-4-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4032-3-0x0000000001470000-0x0000000001471000-memory.dmp

Filesize
4KB

Download
memory/4032-5-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4032-6-0x0000000001450000-0x0000000001464000-memory.dmp

Filesize
80KB

Download