180b79bb107985987d6bc14de2ecee7948cb023bc455818100b6521059fdd829

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 13:38

Target

jmrj/软件杂编/sys/VB40032.dll
Size

704KB
MD5

17db6a514b5fdc737dd44ba49ad6d76e
SHA1

eb61d1c7f72a45c12b1e96cea4daa5dd15384d99
SHA256

0f1604c9a7398cbb317383799b88c4e1aa7ce0b2c968392f0a7a9ddff22ec57d
SHA512

190f61e52821472ff1d80cd16141fb62461abdea256a93dc7e28b8010b03aa19ad228d4a5481aa1d57ea19e3fb574223ec862c7239645b5983fd1194eb012db8
SSDEEP

12288:RndAhEvNT5svP63p88sHHGsNY3u3lB1PsSU0iTlQaWafYLukI5:BdAhEvNT5sH63poGsNY3uVP/U0ylbWkf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4160 wrote to memory of 5108	4160	rundll32.exe	87
PID 4160 wrote to memory of 5108	4160	rundll32.exe	87
PID 4160 wrote to memory of 5108	4160	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\jmrj\软件杂编\sys\VB40032.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4160
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\jmrj\软件杂编\sys\VB40032.dll,#1
  2⤵
  PID:5108