70bd9ab0f4288c757924bef661599c09e6d8997302df891c4663fd89a9429d45

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 00:33

Target

8dc45607497ec62a5f56e5f2c530738d.dll
Size

80KB
MD5

8dc45607497ec62a5f56e5f2c530738d
SHA1

7e362c61d2335ce74a2b44e93c2ec039e559b8c0
SHA256

70bd9ab0f4288c757924bef661599c09e6d8997302df891c4663fd89a9429d45
SHA512

e684980b68b64ece2d746da8303a2136d3d2ef052ddb31c66a04a8dfb68d09e3041083f06a8a505cf625d939b409df51a314eeb67880f1a7438dc5628c8356d4
SSDEEP

1536:ymFjlKsUIg71ePAeTVu3f0LbqSJcmCifFmxG5hmKYFqoY:Zjl+Ig5ePDTVA0L2SJcmCiQx2hr2qoY

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1136 wrote to memory of 3576	1136	rundll32.exe	85
PID 1136 wrote to memory of 3576	1136	rundll32.exe	85
PID 1136 wrote to memory of 3576	1136	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dc45607497ec62a5f56e5f2c530738d.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1136
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8dc45607497ec62a5f56e5f2c530738d.dll,#1
  2⤵
  PID:3576

memory/3576-0-0x00000000005F0000-0x00000000005F9000-memory.dmp

Filesize
36KB

Download