27f8697de88848da55dcff0c9ecf5f03f35d0b769f8eb99dd2dd88413da26cac

Analysis

max time kernel
156s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/01/2024, 03:51

Target

3fd29e774908f60113895d791880fc06.dll
Size

46KB
MD5

3fd29e774908f60113895d791880fc06
SHA1

b37ba4a739c3040762bd3ee3f9ef221233a1646a
SHA256

27f8697de88848da55dcff0c9ecf5f03f35d0b769f8eb99dd2dd88413da26cac
SHA512

39a792018b548c8e05053d445bc578cd65a2d69c55ebbebb63a9b167b44c3aa4efee8e189fde16527d2639b071b06feb233c699cba84f89d9b26f17a2ba87a8a
SSDEEP

768:kORqkFj9VszmLmUJjAFd+tZYiiQY+esR1HcRG8exh/CNCXrbLuQSnJaTqmDruq0:PRqOj9VsMmNb+Z952RG8ef3YnCBDr6

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1880 wrote to memory of 4212	1880	rundll32.exe	69
PID 1880 wrote to memory of 4212	1880	rundll32.exe	69
PID 1880 wrote to memory of 4212	1880	rundll32.exe	69

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fd29e774908f60113895d791880fc06.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1880
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3fd29e774908f60113895d791880fc06.dll,#1
  2⤵
  PID:4212

memory/4212-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download