be2c1e8b419d8f8e85fb7a4a4e6a6c908244ee9520f9657da932c23cf7ed4ddb

Analysis

max time kernel
189s
max time network
1596s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
17/02/2024, 20:28

Target

$TEMP/$0.dll
Size

29KB
MD5

c3b224d15a9036805575b2ff0bcefeda
SHA1

74779ae82a97e97d770435d097821810f16c97c5
SHA256

23d8aeff49ffbac9f9490e9739e059cd7064516dbcd693fe2de77830b127ff8a
SHA512

5a5d98cc9a4aca076049340a4645879a8e4a1d2e24a672015627446d7e3729acf0b64bc8a0f702b8da735d22607fe13ba3ef6a497a57891804576899b06bb461
SSDEEP

384:XE+iXOWKqv0WEXSvQiJb7Mejv14ESgQaMOaA9qqKYu8iFz/pvow3PrCDaU2:XxspKA0ZiVfWEVUfYuhFzVowOD

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4968 wrote to memory of 3716	4968	rundll32.exe	64
PID 4968 wrote to memory of 3716	4968	rundll32.exe	64
PID 4968 wrote to memory of 3716	4968	rundll32.exe	64

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\$0.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4968
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$TEMP\$0.dll,#1
  2⤵
  PID:3716

memory/3716-0-0x0000000004530000-0x0000000004540000-memory.dmp

Filesize
64KB

Download
memory/3716-3-0x0000000000E90000-0x0000000000EA0000-memory.dmp

Filesize
64KB

Download
memory/3716-5-0x0000000073190000-0x000000007387E000-memory.dmp

Filesize
6.9MB

Download
memory/3716-4-0x0000000073A20000-0x0000000073A30000-memory.dmp

Filesize
64KB

Download
memory/3716-6-0x0000000006F60000-0x000000000745E000-memory.dmp

Filesize
5.0MB

Download
memory/3716-7-0x0000000004540000-0x00000000045D2000-memory.dmp

Filesize
584KB

Download
memory/3716-10-0x0000000073190000-0x000000007387E000-memory.dmp

Filesize
6.9MB

Download