1e8a74693d02b34ba0b36090573992504ddd8b2f3b989daa7d17ca200a2370d2

Analysis

max time kernel
137s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2024 11:12

Target

48d0ed866a9cfa1999b01c9a38af9dec.dll
Size

46KB
MD5

48d0ed866a9cfa1999b01c9a38af9dec
SHA1

a0c2d45c937e3af444a52df0fb74885c2ea43811
SHA256

1e8a74693d02b34ba0b36090573992504ddd8b2f3b989daa7d17ca200a2370d2
SHA512

1d98b12de620a317276eb9efbf0a8e3ad152746ea2c2116e681d7ffd7e329e80b67aa1dd87d7ac1d2fe226f67a6e4e7bd1063cde49e7e85fa1b03344d4bd92c9
SSDEEP

768:d/cCMXD1E0ViFi+p+vxRRbM3ew/F4C4qN8+LfzcDnz:dOXDC0Vecv/dM3eYv4qdzkn

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2068 wrote to memory of 4920	2068	rundll32.exe	88
PID 2068 wrote to memory of 4920	2068	rundll32.exe	88
PID 2068 wrote to memory of 4920	2068	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d0ed866a9cfa1999b01c9a38af9dec.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2068
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\48d0ed866a9cfa1999b01c9a38af9dec.dll,#1
  2⤵
  PID:4920

memory/4920-0-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download