cc31884b430213a1aa0db8e19454eb4fa4e64b8c2a5e21af18d42cfc88c6581c

Analysis

max time kernel
143s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
09/01/2024, 11:32

Target

4e305ee6f9130b694c97c1e64fdae586.dll
Size

21KB
MD5

4e305ee6f9130b694c97c1e64fdae586
SHA1

17a4ff685a2ca8ae1787670603074b7fa4cc63de
SHA256

cc31884b430213a1aa0db8e19454eb4fa4e64b8c2a5e21af18d42cfc88c6581c
SHA512

453242a44595b6e1f5744173dcc8a04000a76b5dd99729bd4da827568ca9e92fa0b1131ea8c8c600fbdb52623ef4f99aa0ee77b6e8f10cff55d48880e6a357cf
SSDEEP

384:6bQPWzOEq+yiVtI89APVDt5Hcm/Aclk/f1/icZMWwxTJTWBzcVa:6bDI8ChLHcPc+/f1/icqfQy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4464 wrote to memory of 3952	4464	rundll32.exe	87
PID 4464 wrote to memory of 3952	4464	rundll32.exe	87
PID 4464 wrote to memory of 3952	4464	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e305ee6f9130b694c97c1e64fdae586.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4464
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\4e305ee6f9130b694c97c1e64fdae586.dll,#1
  2⤵
  PID:3952

memory/3952-0-0x0000000000400000-0x000000000040B000-memory.dmp

Filesize
44KB

Download