8be410717226b5e873c61a30d92a767c6c6492ce6358cd79b2a41cb23dba05cd

Analysis

max time kernel
148s
max time network
127s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
31/12/2023, 13:46

Target

PersonMgrV108A/DspJpgDll.dll
Size

24KB
MD5

783830367b868d8c5f08b325f45918fa
SHA1

ca93a0879bd5a07284d7a8f7ed6579cb241632ad
SHA256

a3e22d0d4fa1cf1453cdc63fe06830065af7bdb1cd763ac6040d7e5752f079d3
SHA512

17cb32cee18d6289f1fa5ff7e866944b4f02321dc13f9433578466389f15b9d7b37ae19d05a2f7c744e09042a96ba26c3ab9e6816450bf790d8ea1d65ab75dc4
SSDEEP

96:ntNi1yv+djmIamykDgZAIwTDyUPayiSH6MWMQ6Li3ggu5Ax8EqnZnPo2LeX4U:ntN8+mykDgZA75ACazL3RoAxHqnZPzU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2136 wrote to memory of 2164	2136	rundll32.exe	14
PID 2136 wrote to memory of 2164	2136	rundll32.exe	14
PID 2136 wrote to memory of 2164	2136	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PersonMgrV108A\DspJpgDll.dll,#1
1⤵
PID:2164

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PersonMgrV108A\DspJpgDll.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2136