499619c6bc43585013dd421ef88cf14830c85a28bc3ce3984bcf62a24f6d59fc

Analysis

max time kernel
92s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
04-04-2024 02:45

Target

$PLUGINSDIR/fwvyvpj.dll
Size

30KB
MD5

7f78792ff322a3cf595eb8e9417ec39c
SHA1

93332d47608cc064ffdb1576c67cf609f4969476
SHA256

92b284f16e60425b34f717ce20e9a379eee29163d2d47d35845110e171cefef7
SHA512

c6353e3e3124f46f2132b45a08a9711806d8f2275848e600d9d8ba1a1eac0f74120a3d51260dede3e6a52d51533f82aa7e88ba199edeceeb456c174290e255b2
SSDEEP

768:RC1IE0EO9a6u41l7Hw/pfHg6mEZ8gFsxme3s0:R4T0ECfuOl7HmHhmxpxmwj

Score

1^/10

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

rundll32.exerundll32.exe

description	pid	process	target process
PID 4116 wrote to memory of 4104	4116	rundll32.exe	rundll32.exe
PID 4116 wrote to memory of 4104	4116	rundll32.exe	rundll32.exe
PID 4116 wrote to memory of 4104	4116	rundll32.exe	rundll32.exe
PID 4104 wrote to memory of 2060	4104	rundll32.exe	rundll32.exe
PID 4104 wrote to memory of 2060	4104	rundll32.exe	rundll32.exe
PID 4104 wrote to memory of 2060	4104	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fwvyvpj.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4116
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fwvyvpj.dll,#1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4104
- - C:\Windows\SysWOW64\rundll32.exe
    rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\fwvyvpj.dll,#1
    3⤵
    PID:2060

memory/4104-0-0x0000000074930000-0x000000007493C000-memory.dmp

Filesize
48KB

Download
memory/4104-1-0x0000000074930000-0x000000007493C000-memory.dmp

Filesize
48KB

Download