f45f271b032f9fcd17ae8656b647b5b521ad4532fc42cb4d8b94f1029483eab3

Analysis

max time kernel
164s
max time network
175s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
13-01-2024 11:57

Target

58dca8f203130b3a3e36d5d4149c04af.dll
Size

144KB
MD5

58dca8f203130b3a3e36d5d4149c04af
SHA1

d4f7403fb584e0a01ad220d319b61a183946f55b
SHA256

f45f271b032f9fcd17ae8656b647b5b521ad4532fc42cb4d8b94f1029483eab3
SHA512

ed495528290d314910231b149baa26d043ad7498d581bcda2fb1c8f100c7c700c0fed4715317367848b097dd2c2dbc910b173c5bb3a022ec60db208e20a32d77
SSDEEP

1536:uIlL9T5Xx1ogKMvw5Br7KLKLI+Xe+QnyH4Cc0tR6nGVp/VTbkE0DJ4ZwmroVsW:7tvBOI+FQny5R6nG//SdaZwmssW

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 932	3192	rundll32.exe	88
PID 3192 wrote to memory of 932	3192	rundll32.exe	88
PID 3192 wrote to memory of 932	3192	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\58dca8f203130b3a3e36d5d4149c04af.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\58dca8f203130b3a3e36d5d4149c04af.dll,#1
  2⤵
  PID:932

memory/932-0-0x000000007C120000-0x000000007C148000-memory.dmp

Filesize
160KB

Download