23d18b987ed4162ab5fc624da3416a637b0f4c7451ccb4224be449e27b316c71

Analysis

max time kernel
131s
max time network
124s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 04:28

Target

$R1/Plugins/docking.dll
Size

60KB
MD5

bf49f5ac4bcda179d3e2af86dd92ae7d
SHA1

715ad84d9eaf7ef52bcf97d5477d3cdcd4f07965
SHA256

cff686ad048c9d7db12113f2fcb0947ba03c0186cb6daefc1bdca9e2ea395e7f
SHA512

d5f9c60272dfea4609f9cc3e00aea4b36c1df716af015b58e2b1f5124039fccd9b879dce8abca0954b4b86c8ed748ac698e9837faf7c1d621b1fbfe2f23e2da8
SSDEEP

768:0O1uVg17CZCojegVKLxAwbITiXjugNgvLiws8U4n1p0L2D0DfOxCU:Nmm+ZCeVKLxfGiTu8gvLiwjU4kbDfOd

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

Processes:

rundll32.exe

description	pid	process	target process
PID 3616 wrote to memory of 4688	3616	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4688	3616	rundll32.exe	rundll32.exe
PID 3616 wrote to memory of 4688	3616	rundll32.exe	rundll32.exe

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$R1\Plugins\docking.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:3616
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\$R1\Plugins\docking.dll,#1
  2⤵
  PID:4688