d10af10bb1fef55e91b3f7bbb70192f309173af1c36246a3324bae78d4b582e9

Analysis

max time kernel
148s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
19/01/2024, 10:50

Target

676fae30544e680f959a7665d8773afa.dll
Size

175KB
MD5

676fae30544e680f959a7665d8773afa
SHA1

04c2e106ce2603ac954c5cf1ae812a5c4d952e2d
SHA256

d10af10bb1fef55e91b3f7bbb70192f309173af1c36246a3324bae78d4b582e9
SHA512

8f053985fe0f9764ba92cd4f98f9cf7e937abe734fe8d6f340ab973c2a69fe0e40c6193bba7ff850ff1694064a1bb0465610a7f7555fa40cefdf89c7b5e3d67b
SSDEEP

3072:ZDTeGF7Ms6wUDrhou9pFaN9tEowIzS8zlXZU54JZI6mM2U6k2X94hW2otKUgwXYN:8iMs6Bhouj/o1OA5ZUa8MX29vOUgwI

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2300 wrote to memory of 4804	2300	rundll32.exe	38
PID 2300 wrote to memory of 4804	2300	rundll32.exe	38
PID 2300 wrote to memory of 4804	2300	rundll32.exe	38

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fae30544e680f959a7665d8773afa.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2300
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\676fae30544e680f959a7665d8773afa.dll,#1
  2⤵
  PID:4804

memory/4804-0-0x0000000000BF0000-0x0000000000BFA000-memory.dmp

Filesize
40KB

Download
memory/4804-1-0x0000000010000000-0x0000000010037000-memory.dmp

Filesize
220KB

Download