249664ec56ff850ce21289dec3afb28d9d102072bd66e68fd588a06458949d5d

Analysis

max time kernel
89s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2024, 05:00

Target

8e46a51a71dc07f0924340a644fdd41f.dll
Size

334KB
MD5

8e46a51a71dc07f0924340a644fdd41f
SHA1

8b0e300995e01139a700774d743b87c0acc889c3
SHA256

249664ec56ff850ce21289dec3afb28d9d102072bd66e68fd588a06458949d5d
SHA512

9f23987f6f2e47373e916e37223edcb8ff1ac4df4259c10a561bb1e64a400836769043b1910f00b4055c35ad05ea673b1b7a0b0f4f8890e2bc997f0e33df8436
SSDEEP

6144:LXvLa1SqHDqtYTDbINo7yTKZlHllENXpChnaglSP4npusKD41x2F/:LXvLa1SqHOsIMq2lFlyXEnaii4nEszx2

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1032 wrote to memory of 4008	1032	rundll32.exe	80
PID 1032 wrote to memory of 4008	1032	rundll32.exe	80
PID 1032 wrote to memory of 4008	1032	rundll32.exe	80

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e46a51a71dc07f0924340a644fdd41f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1032
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\8e46a51a71dc07f0924340a644fdd41f.dll,#1
  2⤵
  PID:4008

memory/4008-0-0x0000000002E00000-0x0000000002EED000-memory.dmp

Filesize
948KB

Download
memory/4008-2-0x0000000002FF0000-0x0000000002FF1000-memory.dmp

Filesize
4KB

Download
memory/4008-1-0x0000000002E00000-0x0000000002EED000-memory.dmp

Filesize
948KB

Download