ab5934829e20ce6ca654a3a4d8a41f29e76ad343c0b8800fe6c8bbfec6a19b6f

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 03:04

Target

7bf98e417db03ef91cbb11f6262525a3.dll
Size

81KB
MD5

7bf98e417db03ef91cbb11f6262525a3
SHA1

9de1bfc3c6a14c707cd7fafe3d9c0f6bf0a4a873
SHA256

ab5934829e20ce6ca654a3a4d8a41f29e76ad343c0b8800fe6c8bbfec6a19b6f
SHA512

01bad2102e003fba9494a4eac9c72654dbe8a85506f8ffd6c9cc5e2b2ad7865641f4c9c24d07670ef9b300b03588b255af73d27676a8b7958bd7953fad1fb341
SSDEEP

1536:NGn8Aa3ECMjYC51iVQmsRfhlw44AEya+dbBFn1:NGn8ABjYC5Gzs1PcAEya+dbBJ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3456 wrote to memory of 376	3456	rundll32.exe	85
PID 3456 wrote to memory of 376	3456	rundll32.exe	85
PID 3456 wrote to memory of 376	3456	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf98e417db03ef91cbb11f6262525a3.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3456
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7bf98e417db03ef91cbb11f6262525a3.dll,#1
  2⤵
  PID:376

memory/376-0-0x0000000000770000-0x000000000077B000-memory.dmp

Filesize
44KB

Download
memory/376-2-0x0000000010000000-0x000000001000A000-memory.dmp

Filesize
40KB

Download