ff809f35087a7bce74800b3e4e959b3873e76c3dd6d7df29275c3dc6571b3f82

Analysis

max time kernel
131s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 07:51

Target

55e4d96c492840577c708085b47c5364.dll
Size

361KB
MD5

55e4d96c492840577c708085b47c5364
SHA1

a48eea491a0fb8622848e6b4ff8bafe608617dbb
SHA256

ff809f35087a7bce74800b3e4e959b3873e76c3dd6d7df29275c3dc6571b3f82
SHA512

eb48785c900c7e647ecfe38e7f7199039b63ba7958c380027aac2e4dfc149fab8c14e3c9d7c1c4313c16c7a603198a677c96c869fe23d47dfec53d62e9255909
SSDEEP

6144:UEt3G8K9Sq8oJKls0y13HfNeQwh3GKxXZZ0PIGDwgJfRVzv9:UEt3EsqtD/NeQwh3dZZ0wCwgNRVj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 832 wrote to memory of 960	832	rundll32.exe	14
PID 832 wrote to memory of 960	832	rundll32.exe	14
PID 832 wrote to memory of 960	832	rundll32.exe	14

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55e4d96c492840577c708085b47c5364.dll,#1
1⤵
PID:960

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\55e4d96c492840577c708085b47c5364.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:832

memory/960-0-0x00000000750C0000-0x0000000075122000-memory.dmp

Filesize
392KB

Download
memory/960-1-0x00000000750C0000-0x0000000075122000-memory.dmp

Filesize
392KB

Download