d67640dd1893463cfd758bc3284f6db80cac60b730d2463e3b709eadac0bf80d

Analysis

max time kernel
143s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24/02/2024, 02:32

Target

old v44 pillow (Broken dev use test for uis).dll
Size

64KB
MD5

ff7cd76046521d0f72ca803fb7b68d80
SHA1

baef9bc16a7815547d1323286aa36c462f48a5bd
SHA256

d67640dd1893463cfd758bc3284f6db80cac60b730d2463e3b709eadac0bf80d
SHA512

eeedd6d9055f30be47b719a1376f9dfd95c17c8c2a29ea625af7e8bbab67e65ae68e0ea300282799bd8dbddd3108d9452550a6b4689fac3bce383a0e465f10a3
SSDEEP

1536:iJY9xDRhAAeRTy/kowrb4oA2moPF4johp/:mWBRhAAeRT4kowBA294johp/

Score

1^/10

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1604 wrote to memory of 3748	1604	rundll32.exe	85
PID 1604 wrote to memory of 3748	1604	rundll32.exe	85
PID 3748 wrote to memory of 248	3748	cmd.exe	86
PID 3748 wrote to memory of 248	3748	cmd.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\old v44 pillow (Broken dev use test for uis).dll",#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1604
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c mode con cols=103 lines=58
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3748
- - C:\Windows\system32\mode.com
    mode con cols=103 lines=58
    3⤵
    PID:248