079a1988550125bb31c512e66c6d2ba7f3cdc406e3d138ea0bed55e145f559e3

Analysis

max time kernel
142s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 12:41

Target

368383d69bad9c42bc5be46e6c37157b.dll
Size

83KB
MD5

368383d69bad9c42bc5be46e6c37157b
SHA1

a8323ae87619ae58b4aa9e3818ec8e0700778dcd
SHA256

079a1988550125bb31c512e66c6d2ba7f3cdc406e3d138ea0bed55e145f559e3
SHA512

801bfba618694bcfedbdcda248f2d7130aa3cab34dea46fd2e6e57db38411c7899d1f2c3e75bd2a7b440acd50a31647df8b2f76d07e0ba69c1009c5543c99ed9
SSDEEP

768:2o1Lpf8D9SlezOao4XZl0H8AeXumzwRlFIYX3y/IzR2SUhcs+d6nr+Ql:r1LpqSwZl06um0aYHjzR2SUiDd2ai

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 564 wrote to memory of 2360	564	rundll32.exe	35
PID 564 wrote to memory of 2360	564	rundll32.exe	35
PID 564 wrote to memory of 2360	564	rundll32.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\368383d69bad9c42bc5be46e6c37157b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:564
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\368383d69bad9c42bc5be46e6c37157b.dll,#1
  2⤵
  PID:2360

memory/2360-0-0x0000000010000000-0x0000000010027000-memory.dmp

Filesize
156KB

Download