44b59fc0b14ce3cd13497367a3245f5508d115987a92e1bebd97207da95fc9f2

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
15/03/2024, 01:47

Target

pugdogrun/msvcp90.dll
Size

555KB
MD5

6de5c66e434a9c1729575763d891c6c2
SHA1

a230e64e0a5830544a25890f70ce9c9296245945
SHA256

4f7ed27b532888ce72b96e52952073eab2354160d1156924489054b7fa9b0b1a
SHA512

27ec83ee49b752a31a9469e17104ed039d74919a103b625a9250ac2d4d8b8601034d8b3e2fa87aadbafbdb89b01c1152943e8f9a470293cc7d62c2eefa389d2c
SSDEEP

12288:iUmYoJC//83zMHZg7/yToyvYXO84hUgiW6QR7t5C3Ooc8SHkC2eRZRzS:iUmYoO83W0y8yeO8L3Ooc8SHkC2e8

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3848 wrote to memory of 1504	3848	rundll32.exe	87
PID 3848 wrote to memory of 1504	3848	rundll32.exe	87
PID 3848 wrote to memory of 1504	3848	rundll32.exe	87

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\pugdogrun\msvcp90.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3848
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\pugdogrun\msvcp90.dll,#1
  2⤵
  PID:1504