5c9e5b908f604e35abea269641b5b7b17a020e43ac1f89a0b11df89473cdf612

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
16-05-2024 22:12

Target

TetrisRes.dll
Size

308KB
MD5

0e2dbfe2ac9ec0189b4012903602d740
SHA1

92fcdac518bcb5b3a5cccb5ec53e5a99b62ac09a
SHA256

338cb576c518a81a660cb73313f5bf36efd20eaf9db8ccc0f1a17ffd2b7f9cb6
SHA512

a9c8296644c79ebd7526bfbd022712bc412c9dc4120de7d8c4d307dceaec8a07bdc960bd4ca928dc5951e1c55c9cb7b61bbe6cca41784e7d4d909bf29da5a4c2
SSDEEP

6144:SF2tr9yw7n4aqaqtCubWnAjCf/l9N5PEVb8Reqi6t7trCa5hz48DPO1m9LDkGqtF:FtRyw7nidNqAkXNhYUiqBBhz487DBqt

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 3448 wrote to memory of 3776	3448	rundll32.exe	82
PID 3448 wrote to memory of 3776	3448	rundll32.exe	82
PID 3448 wrote to memory of 3776	3448	rundll32.exe	82

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\TetrisRes.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3448
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\TetrisRes.dll,#1
  2⤵
  PID:3776

memory/3776-0-0x0000000010000000-0x00000000102B2000-memory.dmp

Filesize
2.7MB

Download