d9eab44547374b7a7ac21fe4a36bf79049b3373865fa319c371578368e716ab5

Analysis

max time kernel
148s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
24-02-2024 17:55

Target

interop.d3dimageex.dll
Size

69KB
MD5

d924c109da0f7a9e1debc63cb6d9b30b
SHA1

12d448adec917d57e5209f0eacd9a6d97d1fb9b7
SHA256

d9eab44547374b7a7ac21fe4a36bf79049b3373865fa319c371578368e716ab5
SHA512

3054841853e8f4e8aad20b64d973e6eec2b81c04a81296b471e365513433fa9d8f5dca63e855fd3379e87c30fe6c066f5374e3d0f42873e16d83557f075fdb8f
SSDEEP

768:MVElV/fknCwEPONchPwBqX0mqpVzaaS0GfHkLfuWcptQY8lyQoHd1:MWlVHknhEqchPqq+zaaSiLfu7tQ6Hd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1780 wrote to memory of 4060	1780	rundll32.exe	85
PID 1780 wrote to memory of 4060	1780	rundll32.exe	85
PID 1780 wrote to memory of 4060	1780	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\interop.d3dimageex.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1780
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\interop.d3dimageex.dll,#1
  2⤵
  PID:4060