382660833b11ff797f41f1d98a23e133884ebb9905ac4871b66ad46925bb5048

Analysis

max time kernel
90s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
29/01/2024, 10:08

Target

7f9077d7874fa39a15deea7bc1620dbd.dll
Size

87KB
MD5

7f9077d7874fa39a15deea7bc1620dbd
SHA1

b1da0e763a9b62510b796cfcb13f157f325e6941
SHA256

382660833b11ff797f41f1d98a23e133884ebb9905ac4871b66ad46925bb5048
SHA512

a7d9c97662dd4d25545ec8130784e84b46eb94c60c1eef72182a93e32a9420eb8b6427f1abae5801000201b89a050f4ed72be61b6ae0d9b06765fae043e7b5e6
SSDEEP

1536:nIqUQ7LNGUCYLfuvHEzKATJcwvRkz0E2ERZ//SVaAM+lMW1QKFy:siLQUC0gEzRWw50x2E//SwFMMW1QKFy

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 848 wrote to memory of 4488	848	rundll32.exe	85
PID 848 wrote to memory of 4488	848	rundll32.exe	85
PID 848 wrote to memory of 4488	848	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f9077d7874fa39a15deea7bc1620dbd.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\7f9077d7874fa39a15deea7bc1620dbd.dll,#1
  2⤵
  PID:4488