71a6b0d8a1eb003e58b2ba1844e8369d5c93bf047de96287fd8bc1f47d48ffaf

Analysis

max time kernel
129s
max time network
98s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 11:58

Target

MSVP9DEC.dll
Size

35KB
MD5

8183aafe452ae0e6cb541f30f7527e63
SHA1

e006467847ba73f865a67f50d5a6ad67f8357c78
SHA256

71a6b0d8a1eb003e58b2ba1844e8369d5c93bf047de96287fd8bc1f47d48ffaf
SHA512

d38a4fd14f612175fa16cecb68534247682c50cbeacfe025f9a84b72484c5e0f3943274580d87db50b32f2f7829198faf7afe6a50b2ee7f4f27a3836c0562b59
SSDEEP

384:AGeM5OoozjfrDTVttgh3CwKnc8PjYkEcJrjB20eJ3GMZvpX3vW86W/BIrhDBRJhZ:AjMbuTtTj0Ev20eR53H+h1Ph9149zK

Score

1^/10

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 768 wrote to memory of 4400	768	rundll32.exe	83
PID 768 wrote to memory of 4400	768	rundll32.exe	83
PID 768 wrote to memory of 4400	768	rundll32.exe	83

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSVP9DEC.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:768
- C:\Windows\SysWOW64\rundll32.exe
  rundll32.exe C:\Users\Admin\AppData\Local\Temp\MSVP9DEC.dll,#1
  2⤵
  PID:4400