36f4a643b55ba7dcba92c8a8e1ef5f05bf2acc1d866ea1d8752a926f848cca44

Analysis

max time kernel
151s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
29/12/2023, 20:03

Target

bugfire/withNoWepChangewoInstaDefuse.dll
Size

303KB
MD5

81854cac9b6a04666e0d92ea62256641
SHA1

22652ac71dd1123dca31e215101ca40b70ca95a3
SHA256

cee65c35cd586320409e519f34ef36db730f8d1c3d4b3c07bbdfeb83221a9121
SHA512

0ac2c86ab0157c07ac96e02e305068a6a5151308552ecb621bc5e9dad6dbb485a5cae739004da7e95ae416075556a66273ba74002afd2b1b99a940f29a75ad67
SSDEEP

6144:BuqctITXxcZcyGUtvNJNI9iiYwh2m888888888888W88888888888:kOQcyRXCdYwhp888888888888W88888P

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 1148	5084	rundll32.exe	91
PID 5084 wrote to memory of 1148	5084	rundll32.exe	91
PID 5084 wrote to memory of 1148	5084	rundll32.exe	91

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bugfire\withNoWepChangewoInstaDefuse.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bugfire\withNoWepChangewoInstaDefuse.dll,#1
  2⤵
  PID:1148

memory/1148-0-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/1148-1-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download