dd59b476f7426ff057a4ee80e4e095e66fd072c2e98ca175eebe5ffa0eb3aed9

Analysis

max time kernel
91s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
03/02/2024, 22:06

Target

8d77cdcd0de2cc338ecb457108f9689b.dll
Size

11KB
MD5

8d77cdcd0de2cc338ecb457108f9689b
SHA1

fe05ea22664486a363e6c28b0a33661d1209c555
SHA256

dd59b476f7426ff057a4ee80e4e095e66fd072c2e98ca175eebe5ffa0eb3aed9
SHA512

b1cedb826ba6e05c0edd6fda19aa85a17c4948216aa15ed8a607738179a292d01780f162c7ddd5b4e1a52fece327a26e12d984204e1b610247e589ddb1675e5a
SSDEEP

96:Fc34S2CvOvcITW96warGUG2nRF6YMdQK55+YyXXrh/sGgQ9nRVWWdSuCl:FcotyOcITW96wlwnRTK5ls9nRVWWd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 3100	2504	rundll32.exe	85
PID 2504 wrote to memory of 3100	2504	rundll32.exe	85
PID 2504 wrote to memory of 3100	2504	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d77cdcd0de2cc338ecb457108f9689b.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d77cdcd0de2cc338ecb457108f9689b.dll,#1
  2⤵
  PID:3100

memory/3100-0-0x0000000013570000-0x0000000013576000-memory.dmp

Filesize
24KB

Download