93457a95b7a35675645b763fc0704d5ff1683d6ed7e91a100c6b2803dcacec25

Analysis

max time kernel
152s
max time network
160s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/01/2024, 10:21

Target

563135c2e446ba7670eaff1435a0ea5a.dll
Size

140KB
MD5

563135c2e446ba7670eaff1435a0ea5a
SHA1

2af3eed947b15255deb910eafcc67ff1ab566ba9
SHA256

93457a95b7a35675645b763fc0704d5ff1683d6ed7e91a100c6b2803dcacec25
SHA512

8d5ec63ce863e190290ffd04d6f5913945532d531f73c02acee251a7b3150d11eda622f157688617bf5f1224d7d7de3d09fc13682b4a5bf094a32f82e59950aa
SSDEEP

3072:FFju1pEbWko7BqOe4Am/B8+VGwv093/s+qjDDVQI4f5Lznavfx5N:LICHcu4AsBoU093/ZqjDv4RznEpf

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3172 wrote to memory of 4956	3172	rundll32.exe	89
PID 3172 wrote to memory of 4956	3172	rundll32.exe	89
PID 3172 wrote to memory of 4956	3172	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\563135c2e446ba7670eaff1435a0ea5a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3172
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\563135c2e446ba7670eaff1435a0ea5a.dll,#1
  2⤵
  PID:4956

memory/4956-0-0x0000000000920000-0x0000000000965000-memory.dmp

Filesize
276KB

Download
memory/4956-1-0x0000000000920000-0x0000000000965000-memory.dmp

Filesize
276KB

Download