4ea89725966de1633087bde33e2d01f164ba8caad24276ce69c886580f20e476

Analysis

max time kernel
92s
max time network
114s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 16:39

Target

ac5a9c6742d9503bb8654129a3f1a08a.dll
Size

290KB
MD5

ac5a9c6742d9503bb8654129a3f1a08a
SHA1

2c78c9398d4a8e0e27244cc0c99a963a7f9184e5
SHA256

4ea89725966de1633087bde33e2d01f164ba8caad24276ce69c886580f20e476
SHA512

9058f1b45d08b24dc7359264669d20bb4950bdb549fdc5c76b64b6e659532ef0ea672c68004cb3ade5b2e5e370297ffafa7aa2f4887b76a2d720024326c9c60f
SSDEEP

6144:lC/E1RPfrRfy4mLV9vLpzCYv4yAy/dT2vnPs5BeXvtUoTPD:lC/EDPDJjmLV9vLpWYv44/UfPyBCUo/

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4584 wrote to memory of 4436	4584	rundll32.exe	88
PID 4584 wrote to memory of 4436	4584	rundll32.exe	88
PID 4584 wrote to memory of 4436	4584	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac5a9c6742d9503bb8654129a3f1a08a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4584
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ac5a9c6742d9503bb8654129a3f1a08a.dll,#1
  2⤵
  PID:4436

memory/4436-0-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4436-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download