69fd23bffaf8b3909cfdf0b0933e735cd9d9948a8db585404209cceface2c2e8

Analysis

max time kernel
144s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
26/12/2023, 15:23

Target

78a9f44eb75e29f319ee71fff465d8df.dll
Size

92KB
MD5

78a9f44eb75e29f319ee71fff465d8df
SHA1

d606633f5d20385460d84cd82389f3494abbae8d
SHA256

69fd23bffaf8b3909cfdf0b0933e735cd9d9948a8db585404209cceface2c2e8
SHA512

b3b696de063c65de17716098655d1b11c995ae2d4ebcf5f187e191adfc2d3b80ef95c5c2c9bebb47e9df1ed654caf302bcb912d60fde215ab17296f9ac2a6aff
SSDEEP

1536:GOtggvDUBV5JydKSkUktShWAD+KQbbDFbbGMko7YaSxfCQD:GK70V5JydK7U42WAD+ZDFbhkOYnD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2744 wrote to memory of 4508	2744	rundll32.exe	14
PID 2744 wrote to memory of 4508	2744	rundll32.exe	14
PID 2744 wrote to memory of 4508	2744	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78a9f44eb75e29f319ee71fff465d8df.dll,#1
1⤵
PID:4508

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\78a9f44eb75e29f319ee71fff465d8df.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2744

memory/4508-7-0x0000000000860000-0x000000000086D000-memory.dmp

Filesize
52KB

Download
memory/4508-6-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/4508-5-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/4508-2-0x0000000010000000-0x000000001000C000-memory.dmp

Filesize
48KB

Download
memory/4508-0-0x0000000000860000-0x000000000086D000-memory.dmp

Filesize
52KB

Download