f01c43559748ac819c4f364fb0fd1ba94ff9e43653b1b0bff38185aaaff90cc2

Analysis

max time kernel
131s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 11:11

Target

50674617b4dd1c722a5e9e7723113ba2.dll
Size

666KB
MD5

50674617b4dd1c722a5e9e7723113ba2
SHA1

19ebaf67182af04c0ea43bb44bb4cf7dd4ec1746
SHA256

f01c43559748ac819c4f364fb0fd1ba94ff9e43653b1b0bff38185aaaff90cc2
SHA512

e48520a0efe9195e7f6b33a0d76306501cfc64ef72d2c8a40ee1c696a7b156618475e36c89105d9c58e6a33976958540dac5c73f51859b3a25187bd36b28fb9c
SSDEEP

12288:yCC33ug45I8jWtJ83mfmHp6qpWnPD5gYiSLCMylysV0g900Ab69mXzHt64:4ug4ktWvJ6q8PD5hi9MylX0g9piB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3976 wrote to memory of 4900	3976	rundll32.exe	87
PID 3976 wrote to memory of 4900	3976	rundll32.exe	87
PID 3976 wrote to memory of 4900	3976	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\50674617b4dd1c722a5e9e7723113ba2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\50674617b4dd1c722a5e9e7723113ba2.dll,#1
  2⤵
  PID:4900

memory/4900-0-0x00000000745F0000-0x000000007495D000-memory.dmp

Filesize
3.4MB

Download