333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a

Analysis

max time kernel
93s
max time network
94s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
10/04/2024, 10:15

Target

333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a.dll
Size

11KB
MD5

832415bba4378181e3c975f247b9d0e8
SHA1

7d92970e8394b20b887bf2de60408da15e260d9f
SHA256

333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a
SHA512

fde140172268bd3969a614e6156ff3dc82a214a43c4441971873315bf6246fa0ad56f2e8794f536d09c9cc84e4b17d8be537a5d8dece43234dc68602e8a2e8b0
SSDEEP

192:tzPQIZHPRNqK2KUcew7pgzDWpHT8NfH0JOqsmVgz28WhBqRdZlvks:dPQAEKRSqgzDGE8JN77hhOZl7

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85
PID 4644 wrote to memory of 2604	4644	rundll32.exe	85

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\333b52c2cfac56b86ee9d54aef4f0ff4144528917bc1aa1fe1613efc2318339a.dll,#1
  2⤵
  PID:2604

memory/2604-0-0x0000000075500000-0x0000000075505000-memory.dmp

Filesize
20KB

Download