3d3afa3144bdfd3880bfaa9c52f9179a96de01b43c6888a7c485036009868f15

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05-03-2024 15:42

Target

1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll
Size

144KB
MD5

830821e5588a0bc67ca850720d1c977c
SHA1

c33c7a76b9cbe550be0171548a479a791646d683
SHA256

3d3afa3144bdfd3880bfaa9c52f9179a96de01b43c6888a7c485036009868f15
SHA512

6697639b254bbf145cca7ead980c82d47f379c55c374776dd937cfae636792b6d3b32aad3d023abf31c1705540aff77c125c13d4363bf3ec0ebe584b3e340cde
SSDEEP

3072:BkrG2QtyJ9eEW3hFCr0AsJJmv520TBfPgy:BGzeEgh4rhsJsvs0TBnL

Score

1^/10

Suspicious use of WriteProcessMemory 12 IoCs

Processes:

rundll32.exerundll32.exerundll32.exerundll32.exe

description	pid	process	target process
PID 2680 wrote to memory of 1044	2680	rundll32.exe	rundll32.exe
PID 2680 wrote to memory of 1044	2680	rundll32.exe	rundll32.exe
PID 2680 wrote to memory of 1044	2680	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1140	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1140	1044	rundll32.exe	rundll32.exe
PID 1044 wrote to memory of 1140	1044	rundll32.exe	rundll32.exe
PID 1140 wrote to memory of 3784	1140	rundll32.exe	rundll32.exe
PID 1140 wrote to memory of 3784	1140	rundll32.exe	rundll32.exe
PID 1140 wrote to memory of 3784	1140	rundll32.exe	rundll32.exe
PID 3784 wrote to memory of 4492	3784	rundll32.exe	rundll32.exe
PID 3784 wrote to memory of 4492	3784	rundll32.exe	rundll32.exe
PID 3784 wrote to memory of 4492	3784	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:2680

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
2⤵
- Suspicious use of WriteProcessMemory
PID:1044

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
3⤵
- Suspicious use of WriteProcessMemory
PID:1140

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
4⤵
- Suspicious use of WriteProcessMemory
PID:3784

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\1312-55-0x00000000003C0000-0x00000000003E4000-memory.dll,#1
5⤵
PID:4492