d7fa8dfba6731ffc8699e2aef331cc0eb66fc368c128f94058161444129c55a2

Analysis

max time kernel
138s
max time network
159s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
03-02-2024 20:42

Target

8d4c7abf74193042f8760880cffa5a97.dll
Size

91KB
MD5

8d4c7abf74193042f8760880cffa5a97
SHA1

9a5803e69e4b2fc7e2a79a9a481e1f6f333c1707
SHA256

d7fa8dfba6731ffc8699e2aef331cc0eb66fc368c128f94058161444129c55a2
SHA512

6f692b377b5054f66d3aba47f8d7d3d220d90b7b8c214b1226522ada1c034e853922aca1f02a0f506f0c76d991514c1c807435fc950c06303ca0dfc8ab54181c
SSDEEP

1536:XKq3hQ3BVwGfOcnJf2xqYG4IntFSr/zAi9++Pm06fj:6AkbwFWJfa7TIYAj+Pm06fj

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 4572	2976	rundll32.exe	84
PID 2976 wrote to memory of 4572	2976	rundll32.exe	84
PID 2976 wrote to memory of 4572	2976	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d4c7abf74193042f8760880cffa5a97.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8d4c7abf74193042f8760880cffa5a97.dll,#1
  2⤵
  PID:4572

memory/4572-0-0x0000000010000000-0x000000001001B000-memory.dmp

Filesize
108KB

Download