4b21258c55e0047a5c00cd901ca6c36f8b3a81b98c29950e384830eaa3ec4c47

Analysis

max time kernel
141s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31-12-2023 06:40

Target

osiris8.4.19/Osiris.dll
Size

534KB
MD5

d392fe45ee0f8866e419eabb8ae528ef
SHA1

8906bc736d241fe279e6ff6e496f0d2bdf0482cc
SHA256

0ac70f09cc68d46d70135c6d4c08a3e40c42fd6f026fc7df2eb043f8d0e6161b
SHA512

b367719ed6d10321a967f7a43bf693029e03c61a75a3a694b16a142ca3b6471b873d6c64fbf032a9074f63d7215a93a8569043e6f7d7c0e9efb5884890a4b8df
SSDEEP

6144:qSElvc9Fnl2SwEA8gcYi2IUFOMWou9a7h2pHVRLz0APYN92ItNkmc4d20E+CX:qvtc9FNa9fgr9a7kHD06Itmn4d20E

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1636 wrote to memory of 4996	1636	rundll32.exe	44
PID 1636 wrote to memory of 4996	1636	rundll32.exe	44
PID 1636 wrote to memory of 4996	1636	rundll32.exe	44

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\osiris8.4.19\Osiris.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1636
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\osiris8.4.19\Osiris.dll,#1
  2⤵
  PID:4996