97d185239c03939a675a32bc77cf999aafbd04946373552924052e1b23b43463

Analysis

max time kernel
149s
max time network
134s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 06:17

Target

2b733c93b2922ef595a0a6ace99abaf8.dll
Size

5KB
MD5

2b733c93b2922ef595a0a6ace99abaf8
SHA1

20b8d73fc81b33555a398bfa8f607fd3611f4f40
SHA256

97d185239c03939a675a32bc77cf999aafbd04946373552924052e1b23b43463
SHA512

f47877bf6c678a9cf5fe358897a74149d661bd75b4a24cee646ac06f9fbf779b1c59fb215ba9e3c0a38ff25b6bc24f6cee50b6f0ddbdb304a7794f3000dcab36
SSDEEP

96:5RVQ1Dy2DBNOI3fIAZa3D8T0eCZBE6YW6ZdHDZ3TjvLWTijgyaR9kgcwQwTpyGA:58HZzZa3DI0fYWydjtPvLWCgy89kgUwG

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3056 wrote to memory of 1292	3056	rundll32.exe	14
PID 3056 wrote to memory of 1292	3056	rundll32.exe	14
PID 3056 wrote to memory of 1292	3056	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b733c93b2922ef595a0a6ace99abaf8.dll,#1
1⤵
PID:1292

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\2b733c93b2922ef595a0a6ace99abaf8.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3056

memory/1292-0-0x0000000025000000-0x0000000025011000-memory.dmp

Filesize
68KB

Download