18a2de50c8db41d3bc8b9603da7d22e40e580b5bea6a88f3e4c713b20f64ab41

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
01-01-2024 21:48

Target

3df71e0412f3e57e5a6b248bf3f6c7cf.dll
Size

116KB
MD5

3df71e0412f3e57e5a6b248bf3f6c7cf
SHA1

9969923827c29ce025ea8051077ca568005a7795
SHA256

18a2de50c8db41d3bc8b9603da7d22e40e580b5bea6a88f3e4c713b20f64ab41
SHA512

a93f2362d97cd4161b1c049eeff64b56eed104565b0ef6beb29b34150c1f08263a54bda76053db1082c28ab4af17fbb24737cf073563e986bb3fb95ca1fe1bc7
SSDEEP

3072:GkBVrmUiahgwQeoZDgjT/d0m3ZuAKtOxmitmKqL46C9dilB:epwQ3yZrWOPmhbAw

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5000 wrote to memory of 1824	5000	rundll32.exe	88
PID 5000 wrote to memory of 1824	5000	rundll32.exe	88
PID 5000 wrote to memory of 1824	5000	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3df71e0412f3e57e5a6b248bf3f6c7cf.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5000
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3df71e0412f3e57e5a6b248bf3f6c7cf.dll,#1
  2⤵
  PID:1824

memory/1824-0-0x0000000000E50000-0x0000000000E5B000-memory.dmp

Filesize
44KB

Download
memory/1824-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download