b782dbd696f87d28831fb8dab4efc6d3779e04ceb305c235acd59bf076116cd5

Analysis

max time kernel
213s
max time network
294s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 10:07

Target

nvmp/client.dll
Size

3.3MB
MD5

62edf80a8ff19f92527d83811f8697df
SHA1

cba17efda7dcf980b061590a7763db2a52e2658e
SHA256

299d125ba936071a6d3d143acab35d5a188e550e804232bfbeb9c23ae6e3ba88
SHA512

9ae5f8894c105f94395f97440298350659a8bd117b39fe26c727a135579e452c3bca96fe5c06385b4b1f6b43f3b067048ca5d1ef544dfa0010ad54fc74e86b8f
SSDEEP

49152:P4U+pCsG1JjYd9Akber+9GUZuQMb4az9rrlAg4IYrUT/6j9eFSK3499SeBZ4gR+z:J1Ydpbp+b4Cho26j9esH

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4888 wrote to memory of 392	4888	rundll32.exe	86
PID 4888 wrote to memory of 392	4888	rundll32.exe	86
PID 4888 wrote to memory of 392	4888	rundll32.exe	86

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\nvmp\client.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:4888
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\nvmp\client.dll,#1
  2⤵
  PID:392