e204eb1447e8bf50335749d0fdf1de08923767384b2d7d6d7b3a0def64fdc6ef

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/12/2023, 21:28

Target

f957cb3d431ab9d419b4c56aadc25441.dll
Size

370KB
MD5

f957cb3d431ab9d419b4c56aadc25441
SHA1

c49f9bd4c0811d81da834488d1304647c731bede
SHA256

e204eb1447e8bf50335749d0fdf1de08923767384b2d7d6d7b3a0def64fdc6ef
SHA512

d741d4c43780c5e386f05f83e990c691c524956bdd4b2ff3fbe897509084bcfdf7f3e4f1823bf220904b61866297ffe5e6edb314b55060e6de8b4fb5b0e18441
SSDEEP

6144:3tLQTnlVI24phWAzULs5GjgypYLjEL3i+wOD6rbX3xGJV3C:3ZQTnPxFLs5G0TILurjS3C

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5040 wrote to memory of 4272	5040	rundll32.exe	87
PID 5040 wrote to memory of 4272	5040	rundll32.exe	87
PID 5040 wrote to memory of 4272	5040	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\f957cb3d431ab9d419b4c56aadc25441.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5040
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\f957cb3d431ab9d419b4c56aadc25441.dll,#1
  2⤵
  PID:4272

memory/4272-0-0x0000000000FE0000-0x0000000001034000-memory.dmp

Filesize
336KB

Download