3af83ad8729667626f3bf1b6d6b7613ca998b9b810afb711098b029ca104f7e3

Analysis

max time kernel
138s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30/12/2023, 09:28

Target

1480d9f1340d850d1df49d09f6ccb6ac.dll
Size

43KB
MD5

1480d9f1340d850d1df49d09f6ccb6ac
SHA1

dc05a8629792c9d86959bf1859e6bda63a5b1e1b
SHA256

3af83ad8729667626f3bf1b6d6b7613ca998b9b810afb711098b029ca104f7e3
SHA512

6d8a0aaf792029ef0327a7b288946b72d0446d7a7f480787e7bcdf35b59878b670137847c0a10eb9acb4dca6fcf863de6e94759fe5f42a34bf5fe99858e4a618
SSDEEP

768:fsq7s8fgcNQzc2v3y3OqADQXu78YwzlwWZXsfBbrm77m7oSEoj:5F5qoOqADQX/YwJwWZXsfB9MSEk

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5056 wrote to memory of 2624	5056	rundll32.exe	14
PID 5056 wrote to memory of 2624	5056	rundll32.exe	14
PID 5056 wrote to memory of 2624	5056	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1480d9f1340d850d1df49d09f6ccb6ac.dll,#1
1⤵
PID:2624

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1480d9f1340d850d1df49d09f6ccb6ac.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5056

memory/2624-0-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download
memory/2624-1-0x0000000000C60000-0x0000000000C61000-memory.dmp

Filesize
4KB

Download
memory/2624-2-0x0000000010000000-0x0000000010028000-memory.dmp

Filesize
160KB

Download