9505ff4f579761c7f2a7b3ceef2f1193d72c1ab5466a4f7d24971eac3a4ab8d9

Analysis

max time kernel
88s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
28/01/2024, 08:00

Target

7c95258df9edee8928e158880ab3e5a2.dll
Size

15KB
MD5

7c95258df9edee8928e158880ab3e5a2
SHA1

af5c607af0956337e019281a0a1528ead1cd39e6
SHA256

9505ff4f579761c7f2a7b3ceef2f1193d72c1ab5466a4f7d24971eac3a4ab8d9
SHA512

ab6fd58bccc334c88df4cc6c24d00753239454cf760f84cd1e449a2cb1f7a3b10ca58a9b97bb344f01d59047e0734d4745173a0ed7330b08a25e7acfd5b7349b
SSDEEP

384:EzpaD8PmctWAz1JS1k+4p71oyesSkkuOtRL3v74MWKfm:EzpJmc1JSQlTd2Nv74Ifm

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4136 wrote to memory of 820	4136	rundll32.exe	86
PID 4136 wrote to memory of 820	4136	rundll32.exe	86
PID 4136 wrote to memory of 820	4136	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c95258df9edee8928e158880ab3e5a2.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7c95258df9edee8928e158880ab3e5a2.dll,#1
  2⤵
  PID:820

memory/820-0-0x0000000001F90000-0x0000000001F96000-memory.dmp

Filesize
24KB

Download
memory/820-1-0x0000000001F90000-0x0000000001F96000-memory.dmp

Filesize
24KB

Download