e7d5b6b58bd5f4bb3f4dfd37a48f5116c542dbaa7b13ad3e0917cb658d98a6b3

Analysis

max time kernel
149s
max time network
139s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 05:17

Target

29af2fc5155c28c5888765a6168068a0.dll
Size

88KB
MD5

29af2fc5155c28c5888765a6168068a0
SHA1

07f867410c02b842ec096baefb79e1e8a0f35531
SHA256

e7d5b6b58bd5f4bb3f4dfd37a48f5116c542dbaa7b13ad3e0917cb658d98a6b3
SHA512

e5fe8201ca6ce0bb0eb1ea566c8230adc68ff21124cb02bbc4895bbea01fa309a08e2307f36b7cc707ca6b8555739a664ae392d86f3c8aea02a8c68f88d23f16
SSDEEP

1536:PrcCnf2bLzbNmUfT31Pu20WSL/LwRwFhHo13Z8Cx7LwCDkPoYz/Gd+:YeyVmo/0WQLwihItZB1wCDkP0U

Score

1^/10

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
4212	rundll32.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1600 wrote to memory of 4212	1600	rundll32.exe	14
PID 1600 wrote to memory of 4212	1600	rundll32.exe	14
PID 1600 wrote to memory of 4212	1600	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29af2fc5155c28c5888765a6168068a0.dll,#1
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4212

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\29af2fc5155c28c5888765a6168068a0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1600

memory/4212-1-0x00000000008A0000-0x00000000008B4000-memory.dmp

Filesize
80KB

Download
memory/4212-2-0x0000000000860000-0x000000000087D000-memory.dmp

Filesize
116KB

Download
memory/4212-0-0x00000000008A0000-0x00000000008B4000-memory.dmp

Filesize
80KB

Download