2b532ba88ef97140250a0bd5a9f2a16185390103dfe414f97cf855176d7175c4

Analysis

max time kernel
93s
max time network
113s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28-02-2024 23:33

Target

ad2387bad62e4fd1fc7ac9bbf1a1a802.dll
Size

42KB
MD5

ad2387bad62e4fd1fc7ac9bbf1a1a802
SHA1

2ac735a23a16d7bd03521bb821ac644688586263
SHA256

2b532ba88ef97140250a0bd5a9f2a16185390103dfe414f97cf855176d7175c4
SHA512

91685b912592b54a76f32b414f91a4fe4b6a40ef82c02d5befe42636296825dc5b1bb65237a8cb98d25b6b8988e9029e56d9920b50c19a66e758bbf644272d45
SSDEEP

768:Vv+5qD1szHOhbZRTNjFLwfkIy9rJabCuTF9MJRh8KQtN:s5qD1sD2T7XIgYfMJRdQ

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 1524 wrote to memory of 228	1524	rundll32.exe	35
PID 1524 wrote to memory of 228	1524	rundll32.exe	35
PID 1524 wrote to memory of 228	1524	rundll32.exe	35

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad2387bad62e4fd1fc7ac9bbf1a1a802.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1524
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ad2387bad62e4fd1fc7ac9bbf1a1a802.dll,#1
  2⤵
  PID:228

memory/228-0-0x0000000000BF0000-0x0000000000C04000-memory.dmp

Filesize
80KB

Download
memory/228-1-0x0000000000BF0000-0x0000000000C04000-memory.dmp

Filesize
80KB

Download