a11432e7e4a2a2360defc2e6acd72b6fbcd4fa02449f3fdf13d023e60081f990

Analysis

max time kernel
95s
max time network
120s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2024 10:49

Target

3764a50b7d850b1e62b655e561f51ac08c0a02bffd9c695ef338259108afd740.dll
Size

549KB
MD5

bf05b2454daf2d40994667d62bb08394
SHA1

8affff81fb9210da62346f14394d852b7e444c3f
SHA256

a11432e7e4a2a2360defc2e6acd72b6fbcd4fa02449f3fdf13d023e60081f990
SHA512

0edc4f7cffe259cee362e6af83c6e1373e3580577ca80a4e0b45b6cdfc5d6b93132a8833f224b0450a41e728ec5655843b414c77d4b40508acc9707616191b62
SSDEEP

6144:vR1ta6aRKUCIKbHEs+Pfd8LgOZzRVZjprQoWG8vwK+VVxjyaMxaEDFrp3f:vR5aRKUCIKbHEs+NErVZlP8vgjFCL

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 5060 wrote to memory of 4328	5060	rundll32.exe	87
PID 5060 wrote to memory of 4328	5060	rundll32.exe	87
PID 5060 wrote to memory of 4328	5060	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\3764a50b7d850b1e62b655e561f51ac08c0a02bffd9c695ef338259108afd740.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:5060
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\3764a50b7d850b1e62b655e561f51ac08c0a02bffd9c695ef338259108afd740.dll,#1
  2⤵
  PID:4328

memory/4328-0-0x0000000075090000-0x00000000750BB000-memory.dmp

Filesize
172KB

Download