b7ee94d80e4c937ecb1781313119da720b1d50665714463a4454c87211adb3a6

Analysis

max time kernel
148s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09/03/2024, 22:26

Target

bcf68b32388c6b56debd7a8fc0ee1fbb.dll
Size

29KB
MD5

bcf68b32388c6b56debd7a8fc0ee1fbb
SHA1

635ab85a24e8c86bfb3042976a96e96c6d362efd
SHA256

b7ee94d80e4c937ecb1781313119da720b1d50665714463a4454c87211adb3a6
SHA512

4bdc0b496610bb60db56749156d54c1e6640ecba33a1862a3310078d54ea58bc430ca8ed0d8f57784eb5f4af5ecb8527e45c96584f8797015aaa4fb2459a9a78
SSDEEP

384:acecHOGUnO1krbZgu6v1JL6jNiglxS8oLNAcnk679PPoi9kADbQJAVI5mmpCR8OG:aMOGmSOguPnxoLNxkcZ3sJAV4O95W

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3044 wrote to memory of 2460	3044	rundll32.exe	89
PID 3044 wrote to memory of 2460	3044	rundll32.exe	89
PID 3044 wrote to memory of 2460	3044	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcf68b32388c6b56debd7a8fc0ee1fbb.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3044
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\bcf68b32388c6b56debd7a8fc0ee1fbb.dll,#1
  2⤵
  PID:2460

memory/2460-0-0x0000000000880000-0x000000000088D000-memory.dmp

Filesize
52KB

Download