71fba9a6f307ce71dd74e57dc405625ed3a8da0241be76cf52f81f39e8d56466

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
27-01-2024 12:24

Target

7a3eb378c0c0ab6518bc5385130a5ff9.dll
Size

101KB
MD5

7a3eb378c0c0ab6518bc5385130a5ff9
SHA1

cd967662611d2d1956e6ff4a29f8fdf23d6048ff
SHA256

71fba9a6f307ce71dd74e57dc405625ed3a8da0241be76cf52f81f39e8d56466
SHA512

e5799b4f69dab3ae24b0a99edde96027fb17ab64bd766f0997a464aa6aa96c64459a30705583a3913a00c7f9fe74358a0658576c87eacc5804cb4db34fe17493
SSDEEP

1536:3yXKOswjc4ZY+NrfTGcM+hAfc/UWNGwXH25jJB:3gK1yTTGEhac/UiGwXH25jJB

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2456 wrote to memory of 2776	2456	rundll32.exe	84
PID 2456 wrote to memory of 2776	2456	rundll32.exe	84
PID 2456 wrote to memory of 2776	2456	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a3eb378c0c0ab6518bc5385130a5ff9.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7a3eb378c0c0ab6518bc5385130a5ff9.dll,#1
  2⤵
  PID:2776

memory/2776-0-0x0000000010000000-0x000000001001D000-memory.dmp

Filesize
116KB

Download