91cb3641a6dc7c29319270f008121c4a6cd3ee0f8be2b70952ff6217d0c80b37

Analysis

max time kernel
50s
max time network
52s
platform
windows10-1703_x64
resource
win10-20231220-en
resource tags

arch:x64arch:x86image:win10-20231220-enlocale:en-usos:windows10-1703-x64system
submitted
04-02-2024 03:49

Target

91cb3641a6dc7c29319270f008121c4a6cd3ee0f8be2b70952ff6217d0c80b37.dll
Size

2.4MB
MD5

60278c734d0e8005e0270d207d55d56d
SHA1

456c2f76b1715098edc0d2fd2ec012f3b05934d8
SHA256

91cb3641a6dc7c29319270f008121c4a6cd3ee0f8be2b70952ff6217d0c80b37
SHA512

e96c547b041ba68adba9ab69bfb711d280b4c47e186ed9d2248d862d138b656676fb4044737e60d661c7e2d8ecfc7fc838d490b03b5c3977119d64ec8a05f53c
SSDEEP

49152:opGqXghvaswB6Iasikhxo/BXsloRxF9Yie8Qa9hVp6R0h6Ndv6R:6ghyXlas9GXmohYik/6R

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1620 wrote to memory of 316	1620	rundll32.exe	18
PID 1620 wrote to memory of 316	1620	rundll32.exe	18
PID 1620 wrote to memory of 316	1620	rundll32.exe	18

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\91cb3641a6dc7c29319270f008121c4a6cd3ee0f8be2b70952ff6217d0c80b37.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\91cb3641a6dc7c29319270f008121c4a6cd3ee0f8be2b70952ff6217d0c80b37.dll,#1
  2⤵
  PID:316

memory/316-0-0x0000000010000000-0x0000000010267000-memory.dmp

Filesize
2.4MB

Download
memory/316-1-0x0000000002E80000-0x0000000002E86000-memory.dmp

Filesize
24KB

Download
memory/316-4-0x0000000004E10000-0x0000000004F4D000-memory.dmp

Filesize
1.2MB

Download
memory/316-5-0x0000000004F50000-0x000000000506F000-memory.dmp

Filesize
1.1MB

Download
memory/316-8-0x0000000004F50000-0x000000000506F000-memory.dmp

Filesize
1.1MB

Download
memory/316-9-0x0000000010000000-0x0000000010267000-memory.dmp

Filesize
2.4MB

Download