0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87

Resubmissions

03-12-2024 16:44

09-03-2024 17:26

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
09-03-2024 17:26

Target

0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll
Size

148KB
MD5

570547fa75c15e6eb9e651f2a2ee0749
SHA1

f20d9c3d2e3fb891fe5ae4b656bdc50a87f2707f
SHA256

0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87
SHA512

8043ca9d566c0c03c9a2779710cad7d542e16dabf9a13d2e61c22ac288d2a204561f1ddb1ad80b6b31c0af1e68b681a58f7fb3d8aa0015876537a91d58c670e9
SSDEEP

3072:HnJvHI9R9qmjHh/yAyKnLjhadSIVs8RQq8qkHIBnREDKLWB8tB5blZp:d4R9qmjVylKfhadSgxp+7B8tB5bXp

Score

1^/10

Suspicious behavior: EnumeratesProcesses 8 IoCs

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 552 wrote to memory of 4568	552	rundll32.exe	89
PID 552 wrote to memory of 4568	552	rundll32.exe	89
PID 552 wrote to memory of 4568	552	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:552
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\0259316ce197d74829b9158c22b051673db63ece0e4b45df32a41fcbb3918c87.dll,#1
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568

memory/4568-1-0x0000000076F42000-0x0000000076F43000-memory.dmp

Filesize
4KB

Download
memory/4568-2-0x0000000000E70000-0x0000000000E80000-memory.dmp

Filesize
64KB

Download
memory/4568-4-0x0000000000F80000-0x0000000000F81000-memory.dmp

Filesize
4KB

Download
memory/4568-3-0x0000000076F42000-0x0000000076F43000-memory.dmp

Filesize
4KB

Download