2047283856b74405fdca3831d277870dd54ff380766da31f4a8ec6e885a86a64

Analysis

max time kernel
156s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
08-03-2024 01:25

Target

ba2a3e65014afe19c31ce4f8eabd666e.dll
Size

92KB
MD5

ba2a3e65014afe19c31ce4f8eabd666e
SHA1

a31dd43af0f53a7716a165609633021e6b4df3ee
SHA256

2047283856b74405fdca3831d277870dd54ff380766da31f4a8ec6e885a86a64
SHA512

40ef7340221ca4364d0c7cf92d23804fced72fe80a60a511c24737ba39abd3093fae2832f93985634abb95d86176f99edd70aac46aeaa51a46c67d7d9a5f5e33
SSDEEP

1536:hiqcbQqBMhd4BCj/rVOCbTmECuw1tdan7jeXZvrODjb9nwcL8Iy:EFM8UVzbTJfw1un7kvrsjb9npLby

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 2944	4804	rundll32.exe	88
PID 4804 wrote to memory of 2944	4804	rundll32.exe	88
PID 4804 wrote to memory of 2944	4804	rundll32.exe	88

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba2a3e65014afe19c31ce4f8eabd666e.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\ba2a3e65014afe19c31ce4f8eabd666e.dll,#1
  2⤵
  PID:2944

C:\ProgramData\zhqbdf16.ini

Filesize
14B

MD5
95f3ef681f0ef4ed85e36ac92de0244e

SHA1
fb9ed20a0761e9ca1c3100078b3f5ec16efb2e03

SHA256
390e65802e705fe8928f41b135234653c86a3871bd8a3ec9c666fb33ccd9b468

SHA512
1c49bc25196f5486d35f4e359b041b4ce5e68dbfaddb605d6e79759d498a1dd3e9a38d894e5abdfd90262f6bdb4c9428497e049e24505fa35a2c5353a2166c58

Download Submit
memory/2944-350-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download
memory/2944-1945-0x0000000000400000-0x000000000041C000-memory.dmp

Filesize
112KB

Download