e2f499db9d7825fbfac3655fe6d33c9d488cda5617ce46dd3cc40e1e03894b6f

Analysis

max time kernel
143s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
12/02/2024, 23:03

Target

97d6e28a8293f46dfdcf1d9b70a2ac7f.dll
Size

88KB
MD5

97d6e28a8293f46dfdcf1d9b70a2ac7f
SHA1

5d724446ff1331dacd7950f7a7a80086f7075fa0
SHA256

e2f499db9d7825fbfac3655fe6d33c9d488cda5617ce46dd3cc40e1e03894b6f
SHA512

63853bda5f761cd6a75f4f406f2c51e52ae3819f7bb43e1fab98c30c38835b78c3cd7729b224a219160e2fff3c9a328e718329f20aceaa177567aaaa8e1a6a51
SSDEEP

1536:yPKU3WhmwALq1ahc9hSm+zncuI0WjZqG5ZZtOjC15RX+kznY3upro3YURxInkPZR:yPZmhnUq6c9hSNcuUZqwcjQLXzlroVeU

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 744 wrote to memory of 588	744	rundll32.exe	84
PID 744 wrote to memory of 588	744	rundll32.exe	84
PID 744 wrote to memory of 588	744	rundll32.exe	84

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\97d6e28a8293f46dfdcf1d9b70a2ac7f.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:744
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\97d6e28a8293f46dfdcf1d9b70a2ac7f.dll,#1
  2⤵
  PID:588

memory/588-1-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download
memory/588-2-0x0000000010000000-0x0000000010043000-memory.dmp

Filesize
268KB

Download