7de912a9fa482c06819c2b22104e6adcb1b4eb52905c255f4b572eafff3addbf

Analysis

max time kernel
139s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2024 12:37

Target

5b41d672492b98e84a75652678ef282a.dll
Size

154KB
MD5

5b41d672492b98e84a75652678ef282a
SHA1

7f8d311d04b0ab42f0a080585a60c1f3900f6635
SHA256

7de912a9fa482c06819c2b22104e6adcb1b4eb52905c255f4b572eafff3addbf
SHA512

708650e1eb8faf5681ab45843a28943bd071a99ec63bad6a2996764b94bcfb7e47046994555327a36023f6a750637ded3d858622182bbdaf2023645160ffcb43
SSDEEP

3072:s3FGaH4ue4MLajTYESE4mXR1d1xOhiCBhxw/cxkVYyzy:s3FGaH4a7jkEV4mXx1xOhiCBh2/cxkVQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 3456	5036	rundll32.exe	86
PID 5036 wrote to memory of 3456	5036	rundll32.exe	86
PID 5036 wrote to memory of 3456	5036	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b41d672492b98e84a75652678ef282a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\5b41d672492b98e84a75652678ef282a.dll,#1
  2⤵
  PID:3456

memory/3456-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download