caa8a696fe19ac95f7cc034bf1e88e2595f40e5963e6e0fa1b17bec055b552f5

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 00:21

Target

PWMultiHack3/DinmaiteHF.dll
Size

148KB
MD5

3b3b757cced57651b5f22910d38fe75e
SHA1

e237a9b9b8e3b9ee752762facb7bd701d077949a
SHA256

84bb694183da6702f19dbcc4c44d5fdec561a1d85d8d5d85ee5321454252a9bc
SHA512

e41cfa0292156b7abc7d08958a3f6f66e4ef92d3ed8f003c24fe978a31fb5d41e898c2b702109ab44bd96e1ca0f89f8603a826355f3e6329fad928b0bec508df
SSDEEP

3072:6zC/cxa2Zw6hdH5t7KopghBTdYZRAZDixqirfOqH1lxRASPr:62/AhzzHPWh5dYrAZiPqqH5RdP

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3668 wrote to memory of 2280	3668	rundll32.exe	89
PID 3668 wrote to memory of 2280	3668	rundll32.exe	89
PID 3668 wrote to memory of 2280	3668	rundll32.exe	89

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\PWMultiHack3\DinmaiteHF.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3668
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\PWMultiHack3\DinmaiteHF.dll,#1
  2⤵
  PID:2280

memory/2280-0-0x0000000000400000-0x0000000000464000-memory.dmp

Filesize
400KB

Download
memory/2280-1-0x0000000000ED0000-0x0000000000ED2000-memory.dmp

Filesize
8KB

Download