920ee4d6e16da14af70de3df554004024590cd31ac4b57c5338761b7838b3291

Resubmissions

02/02/2024, 15:59

02/02/2024, 15:54

max time kernel
315s
max time network
861s
platform
windows10-1703_x64
resource
win10-20231215-en
resource tags

arch:x64arch:x86image:win10-20231215-enlocale:en-usos:windows10-1703-x64system
submitted
02/02/2024, 15:54

Target

SMS sender 2023/SMS sender 2023/InstallResources.dll
Size

6KB
MD5

55cb3cc8ac1765722e2afbd0ae212670
SHA1

f9d56678efcaac7627aff6942a0dac4b04dc72e9
SHA256

659821c6f712728a43a28684b4c01fdc8b24d19c5987311a399bb5adf9865cc0
SHA512

35e43fcdc69fce09069379db5fb909767c1c2192b1989031da548b72791974ddde37c0525d37e376c114aef9f340253e3d2a3c3b51b430f565c9e86f66727875
SSDEEP

48:6AtQepWe75PzGpXkRVP2dRo0C2OcPrqfJMJdgSmnvE0F39dTdv9Gj8xE+sgd/nu5:7XWeFkXGP2//OKNgSqZd9dG1+dGWY2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4252 wrote to memory of 1844	4252	rundll32.exe	73
PID 4252 wrote to memory of 1844	4252	rundll32.exe	73
PID 4252 wrote to memory of 1844	4252	rundll32.exe	73

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\SMS sender 2023\SMS sender 2023\InstallResources.dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4252
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe "C:\Users\Admin\AppData\Local\Temp\SMS sender 2023\SMS sender 2023\InstallResources.dll",#1
  2⤵
  PID:1844